Re: Secure system calls -- how

Hi!


Richard Lynch wrote:

>Don't take the wrong but you're probably not really skilled enough (yet)
>to do what you want to do...
You're right, but we all have to start somewhere. And I don't take the
wrong, I appreciate your answer.

>sudo is probably the best solution,
Well, it's the only one that has been suggested.

>but you've got a long row to hoe
>before you could safely implement all the features you describe...
>
>That said, if you mostly trust everybody on your Intranet, and if you're
>willing to put off the Internet access for a long, indefinite time period,
>you'd be "okay" if you can prod your users to report oddities and errors,
>and if you do a TON of security reading between now and the day when you
>put it live on the Internet.
>
>If you don't trust your Intranet users, do this on a development machine
>that only you can access until you're way way way more comfy with sudo and
>Linux security in general.
Right. Fortunately I'm not alone on this project, and the others might know
more about this. I just want to present the best solution to the team, and
to implement it in my program.

There are 4 obvious ways the users could abuse the elevated privileges:

1) By directly doing something with my program, such as deleting a user.
This is not possible without the correct set of permissions. I hope. I've
taken great care of this point and controlling rights for user groups is
implemented deeply in the program. There are many checks done for this kind
of thing. If you don't have specific permission, you can't do it. So this
method relies on my abilities as a PHP programmer, and this possible
weakness is inherent to all programs everywhere.

2) By exploiting an error in the system, such as PHP, Apache, MySQL or the
file system. These things are partly out of my reach, but there are some
things I can do to make them more difficult. Such as NOT running Apache as
root, which would be an easy way of solving my current problem. But this is
where your good point enters the picture: I simply don't know enough about
attack vectors and how to counter them. Just how could a weakness in MySQL
be exploited and what can I do about it? The best I can think of is to keep
reading and to apply all the common sense and critical thinking I can
manage.

3) Session hijacking. I've implemented all the good security advice I've
been able to find. I can't really do much more than that.

4) The easiest way to do damage is, as always, by social engineering,
getting hold of somebody's password and such.


One of the things I've asked for is articles and tutorials, but there
apparently aren't any on this subject. I can find many on validating user
input, securing sessions and that kind of thing. But not this, no "howto
make php run useradd safely". I've seen many other people have problems
with this, but no tutorials are to be found.


Thank you very much for your answer,
Niels

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
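
An added example, not part of the original message or written by anyone in the thread: one way to apply the sudo approach discussed above, where the web server account may run exactly one root-owned wrapper that whitelists the username before calling useradd. The wrapper path, the www-data account, the fixed useradd options and the DRY_RUN switch are assumptions.

```sh
#!/bin/sh
# Hypothetical root-owned wrapper, installed as /usr/local/sbin/web-useradd (mode 0755).
# Constructed sudoers entry (edit with visudo); "www-data" is the assumed Apache account:
#   www-data ALL=(root) NOPASSWD: /usr/local/sbin/web-useradd
# PHP side, after the program's own permission checks:
#   exec('sudo /usr/local/sbin/web-useradd ' . escapeshellarg($name));

LC_ALL=C; export LC_ALL              # make [a-z] mean ASCII lowercase only
PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH

valid_username() {
    # Whitelist: 1-32 chars, lowercase letter first, then a-z 0-9 _ -
    [ "${#1}" -le 32 ] || return 1
    case $1 in
        [a-z]*) ;;                   # also rejects "" and a leading "-"
        *) return 1 ;;
    esac
    case $1 in
        *[!a-z0-9_-]*) return 1 ;;   # spaces, quotes, ';', '/', uppercase ...
    esac
    return 0
}

web_useradd() {
    [ "$#" -eq 1 ] || { echo "usage: web-useradd <name>" >&2; return 64; }
    valid_username "$1" || { echo "web-useradd: rejected username" >&2; return 65; }
    # Options are fixed here; the caller cannot choose uid, groups or shell.
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "/usr/sbin/useradd -m -s /bin/bash -- $1"
        return 0
    fi
    /usr/sbin/useradd -m -s /bin/bash -- "$1"
}

# Act only when called with arguments, as sudo would call the installed wrapper.
[ "$#" -eq 0 ] || { web_useradd "$@"; exit $?; }
```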

