Re: Re: Code Security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



But the fault here isn't with PHP. Ethan couldn't do what he wants,
the way he seemingly has things set up, with any programming
language.

Compiled code might let him obscure things a little, and also
potentially help hide the credentials used to access the db, but it
would still be a totally insecure environment. 

In a *nix environment (note -- I don't think it's clear what OS he
is using) you might be able to chroot the "user". This would
mitigate things some, but there are still many holes.

He could set up VMs on his single physical box and get client/server
separation that way. That would improve things markedly. 

In the end, however, the "user" has direct control of the physical
box which leaves a range of options for access to the [user] data
(which is more important to protect than any code) that should cause
this setup to fail even fairly basic security audits.

There are ways to approach this, but it seems to need rather serious
re-engineering -- with data privacy and security as the key element.

   - Richard



------------ Original Message ------------
> Date: Wednesday, February 18, 2015 10:14:43 -0500
> From: Mark Murphy <jmarkmurphy@xxxxxxxxx>
> To: Taco Mathijs Hillenaar-Meerveld <tm.hillenaar@xxxxxxxxx>
> Cc: php-db@xxxxxxxxxxxxx, Guru <nagendra802000@xxxxxxxxx>, Karl
DeSaulniers <karl@xxxxxxxxxxxxxxx>
> Subject: Re:  Re: Code Security
>
> @Taco, Read back through the whole thread and you will understand.
> Ethan just can't do what he wants to with PHP.
> On Feb 18, 2015 9:59 AM, "Taco Mathijs Hillenaar-Meerveld" <
> tm.hillenaar@xxxxxxxxx> wrote:
> 
>> Sorry if i misread and put my reply in a wrong context.
>> but from how i read this question it is all about preventing a
>> user to open a terminal window.
>> 
>> if Mr. Nice is logged in then i assume he has all rights as the
>> topic starter is afraid Mr. ugly can look at his code.
>> 
>> as far as i know it is not common practice to work direct on a
>> server and have all rights and allow other people using that
>> computer when connected to the specific server.
>> Ethan also pointed out that he made a POS (Point of Sale) program
>> to work in that store. there are 2 account types: 1>admin
>> 2>worker.
>> 
>> the worker should not have any rights and the admin account
>> should only be able to change/edit things within that program.
>> --------
>> 
>> i don't see why anyone (the admin included) would need to have
>> access on the stand alone server apart for maintainance duties to
>> keep it all up and running.
>> the server needs to be locked in a server room or another place
>> that will fit. but definately locked.
>> 
>> if someone can get on that server through a terminal it will mean
>> something has gone horrible wrong.
>> 
>> i am not sure if Ethan is trolling though. but if i understand
>> his question right and it's a honest question, it sounds kind of
>> weird to me.
>> 
>> when i get an order to install a server, my first question would
>> be like: - who is going to use it?
>> - who has access to it?
>> - who need to have access to it?
>> - where will this server be placed? (server room, datacenter,
>> store).
>> 
>> once the server is installed i have a root account, an admin
>> account with certain rights and i have made a couple of
>> 'administrator groups' . the programs like apache are in this
>> group aswell. but this has nothing to do with the administrator
>> account from the POS.
>> 
>> so are we here talking about securing the code of the POS and its
>> content or are we talking about the basics of securing a Linux
>> server? if it is the latter, the Topic starter better read about
>> how to secure his server. btw, i'm wondering what his question
>> has got to do with PHP and databases :-/
>> 
>> in addition:
>> 
>> *as soon we talk about 'looking at code' and 'user is logged in
>> as an administrator with all rights to delete content' you will
>> make ANY administrator*
>> *nervous :) i know a couple of admins, trust me, they are
>> paranoid and won't trust anyone near their machines. not to speak
>> about getting access to a server!*
>> 
>> 
>> On Fri, Feb 13, 2015 at 6:28 PM, Guru <nagendra802000@xxxxxxxxx>
>> wrote:
>> 
>> > Put a redirect code in www folder to your index page.
>> > On Feb 13, 2015 10:55 PM, "Karl DeSaulniers"
>> > <karl@xxxxxxxxxxxxxxx>
>> wrote:
>> > 
>> > > Set up a password or a salt that Mr. Nice has to call you to
>> > > get and expires on logout.
>> > > 
>> > > Lol
>> > > 
>> > > Best,
>> > > Karl
>> > > 
>> > > 
>> > > Sent from losPhone
>> > > 
>> > > > On Feb 13, 2015, at 8:47 AM,
>> > > > erosenberg@xxxxxxxxxxxxxxxxxxxx wrote:
>> > > > 
>> > > > 
>> > > > Ethan,
>> > > > It seems like you're looking for a programmatic solution to
>> > > > a
>> physical
>> > > > security problem. In the end, your most viable solution
>> > > > will likely be to train Mr. Goodguy to remove the key the
>> > > > same way he needs to remember his ATM card after a
>> > > > withdrawal. I've seen programmatic work-arounds to solve
>> > > > similar issues, but they have always ended up being
>> > > > significantly arduous for the end users...
>> > > > Respectfully,
>> > > > Joshua D. Arneson
>> > > > -----Original Message-----From: Ethan Rosenberg
>> > > > [mailto:erosenberg@xxxxxxxxxxxxxxxxxxxx] Sent: Friday,
>> > > > February 13, 2015 9:12 AMTo: php-db@xxxxxxxxx.netSubject:
>> > > > Re:  Code Security
>> > > > On 02/13/2015 02:58 AM, Karl DeSaulniers wrote:> Prevent
>> > > > THIS from ever happening.>> On Feb 12, 2015, at 11:03 PM,
>> > > > Ethan Rosenberg wrote:>>> He asks Mr.[naive]Nice if he
>> > > > could look at the computer while it is logged in.>>>
>> > > > Otherwise, I would say an external key that has a salt
>> > > > stored on it that the user has to insert in the computer
>> > > > before the system can be accessed.> Like an access key card.
>> Immediate
>> > > > shut down when tampered and/or removed.>> Just a stab in
>> > > > the dark though.>> Best,>> Karl DeSaulniers> Design Drumm
>> > > > Karl -
>> > > > Thanks.
>> > > > The key is already plugged in. Mr [Naive] Nice is using the
>> > > > computer, and is logged in. Mr. Ugly just want to "look at"
>> > > > the computer. Ethan--
>> > > > Joshua -
>> > > > My apologies for an HTML message.  That is all I have at
>> > > > work.
>> > > > 
>> > > > How about this -
>> > > > Block access to Ctrl-Alt-Del for Mr. Nice.
>> > > > TIA
>> > > > Ethan
>> > > > 
>> > > > 
>> > > 
>> > > --
>> > > PHP Database Mailing List (http://www.php.net/)
>> > > To unsubscribe, visit: http://www.php.net/unsub.php
>> > > 
>> > > 
>> > 
>> 

------------ End Original Message ------------



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux