On Mon, 4 Aug 2003 16:38:17 -0500
Jesse Pollard <jesse@cats-chateau.net> wrote:
> On Monday 04 August 2003 11:35, Stephan von Krawczynski wrote:
> > On Mon, 4 Aug 2003 18:16:57 +0200
> [...]
> Don't do that. It is too insecure.
>
> 1. the structure you describe is FRAGILE. Just adding one more entry
> could/would break the entire structure.
>
> 2. If you mix security structures like this you WILL get a problem.
>
> What you do is copy the declassified data to a nonsecure area (also known
> as released data). This way the user can modify internal cata without
> causing the web server potentially catastrophic releases.
>
> Same with the SQL. Do not attmept to mix sensitive and nonsensitive data
> this way.
Your just kidding, don't you?
Definition of "problem" here is: service got corrupted. It is really of
_no_ interest if the data that was corrupted is "sensitive" or "nonsensitive",
because the only cure in both versions is rewriting from scratch (and dumping
the server of course).
So your possible downtime is just as big in both ways. And nothing else counts.
> If you web server got hacked, how do you prevent the hack from ADDING
> more links? Or adding SQL injections to other applications...
I don't, because it is simply impossible. If you are root on a webserver
everything is lost, no matter if your data is local or nfs-mounted you can
delete, relink or whatever you like at will.
The only thing you _can't_ do is access data that is not exported to your
hacked system. And that's exactly what I am trying to do: don't give any more
data away than absolutely necessary.
Regards,
Stephan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Aug 07 2003 - 22:00:25 EST