Subject: I never saw anything less secure than this solution.
Summary: Package rating comment
Artur Graniszewski rated this package as follows:
I never saw anything less secure than this solution. In order to make it work, the HTTP server would have to be launched using a sudoer user account.
This is a most important part of securing the server: NEVER USE A PRIVILEGED USER TO HANDLE USER REQUESTS! In case of buffer overflows or fatal exceptions the entire server would be compromised!
What else? Your script is prone to a race-condition attack. A potential malicious user with access to the PHP interpreter (even if launched using an unprivileged account) could access the /tmp/shadow and /tmp/passwd files created by this class.
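The temporary-file exposure raised in the rating above, as an added PHP example that is not part of the thread or of the rated class: it creates a scratch file under a random name with exclusive-create semantics and mode 0600, instead of a fixed, predictable path under /tmp. The function name `create_private_temp` and the `scratch_` prefix are hypothetical, and the data written is constructed.

```php
<?php
// Added example, not the rated class's code. Names here are hypothetical.
// Weak pattern for contrast: writing to a fixed name such as /tmp/<name>
// with the default umask (typically 022) yields a 0644 file that any local
// account can read, at a path any local account can pre-create or symlink.

/**
 * Atomically create a private scratch file. Returns [path, handle].
 */
function create_private_temp(string $prefix = 'scratch_'): array
{
    // Restrict permissions at creation time, not afterwards with chmod(),
    // so there is no window in which the file is readable by others.
    // Note: umask is process-wide, so restore it as soon as possible.
    $oldUmask = umask(0077);
    try {
        for ($attempt = 0; $attempt < 10; $attempt++) {
            $path = sys_get_temp_dir() . DIRECTORY_SEPARATOR
                  . $prefix . bin2hex(random_bytes(16));
            // Mode 'x' is O_CREAT|O_EXCL: the call fails if the path already
            // exists, including a symlink planted there by another user.
            $handle = @fopen($path, 'x+b');
            if ($handle !== false) {
                return [$path, $handle];
            }
        }
        throw new RuntimeException('could not create a private temp file');
    } finally {
        umask($oldUmask);
    }
}

[$path, $handle] = create_private_temp();
try {
    fwrite($handle, "constructed sample data\n");
    clearstatcache(true, $path);
    // Print the path and its permission bits so the mode can be checked.
    printf("%s mode %o\n", $path, fileperms($path) & 0777);
} finally {
    // Remove the file as soon as it is no longer needed.
    fclose($handle);
    unlink($path);
}
```

This only closes the temp-file window; it does not change the privilege the web server process runs with.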
2011-12-06 00:24:55 - In reply to message 1 from Artur Graniszewski
But this script will be used on a controlled server that nobody can access,
and it is just to explain that it's possible to do in a simple way.
2012-01-08 14:18:18 - In reply to message 2 from Marcus Brasizza
I think if Artur "never saw anything less secure than this solution" then I'd not be rushing to engage his consulting services (I've seen some real howlers in my time). However there is a very good reason for migrating passwords from /etc/passwd to a file readable only by root - and anything which undermines this privilege separation *should* be clearly labelled as such.
2013-03-13 09:44:51 - In reply to message 1 from Artur Graniszewski
Can you just tell me how to use this class in my PHP file?
Please mail the solution to my mail ID firstname.lastname@example.org
2013-03-13 11:52:46 - In reply to message 4 from Jaimin Mody
All solutions have their particularities and the security is relative.
For instance, if you have a software intranet that is inside your company, I don't see a problem with putting root in Apache or any other user, if of course you know how.
In this case you need a Linux (Fedora tested) with Apache accessing root.
I can't imagine anybody using root for Apache in a VPS or websites.
2013-03-14 13:55:50 - In reply to message 5 from Marcus Brasizza
Most of today's attacks (versus Google, Facebook, and even antivirus companies like Bit9) were hacked from the intranet.
How does it work? Just send an e-mail with a worm to a non-technical employee of that company and watch what will happen next. Most worms are designed to attack Active Directory servers (and get the admin's password by brute force and such), scan the entire LAN for other workstations and servers, perform remote attacks on network services like FTP, HTTP, LDAP, AD or NetBIOS.
In that case this root solution would fail epically. Especially since most of the companies I saw do not have a DMZ set between LAN workstations and their servers.
No serious security auditor would approve this solution.
2013-03-14 18:54:28 - In reply to message 6 from Artur Graniszewski
I deeply respect your opinion about security.
But in my solution we are sure no one will have access to the application server because it is not accessible from the internet.
I researched a lot to achieve this solution and I know that it is not the best, but that is the only supported access.
The class is purely academic and should be used with extreme caution and only if you know what you're doing.
Thanks and have a great day!