Security Basics mailing list archives

Re: Very basic security question:


From: Brad Arlt <arlt () cpsc ucalgary ca>
Date: Mon, 27 Jan 2003 13:41:10 -0700

On Fri, Jan 24, 2003 at 10:07:07AM -0800, Curt Seeliger wrote:
> On Thursday 23 January 2003 11:31 am, Brad Arlt wrote:
>
> > Thou shalt not let network services alter any critical files is the
> > best approach.
> >
> > What is normally done by myself and others I have talked to is a PHP
> > gateway server.  You would write a daemon that your PHP code talks to
> > via a Unix domain socket.  The protocol you use to talk to your daemon
> > would include a username and password (so the daemon can ensure it is
> > talking to an authorized user).
>
> As a newbie, I don't see how this is more secure.  The service is
> still directly available via the network without the PHP program.
> Secondly, a hostile user could make arbitrary account changes if
> they were able to run the PHP program.

The use of a Unix domain socket means connections to your daemon are
restricted to the local machine.  Further, because the daemon is
present, the web server need not run as root.

I am making the assumption these two things are good, well worth the
bother.  If you feel this doesn't buy you anything, then maybe it's not
worth it for you.

Now further, PHP (ASP, JSP, whatever does it for you) is kinda big and
complex.  Your daemon is going to be simple, and kinda small.

PHP and friends are multi-purpose robust languages that must do all
sorts of things, with nice looking error messages.  Your daemon can be
single purpose, can exit fatally at the first hint of problems, and
because you and you alone are writing the daemon and client *no*
flexibility need be present.

This adds up to your daemon being easy to audit, easy to write, and easy
to see it go wrong (so you can fix it without staring at the code
saying "uhh, it looks OK" for hours on end).

Of course it is possible to screw it up, and big time.  I'm not saying
that one can't write something worse in C/Perl/Python than one could
in PHP.  What I was shooting at is, it is possible to write in C and
do things PHP running in Apache just can't give you.

-----------------------------------------------------------------------
   __o          Bradley Arlt                    Security Team Lead
 _ \<_          arlt () cpsc ucalgary ca                University Of Calgary
(_)/(_)         I should be biking right now.   Computer Science
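
As an added illustration of the gateway-daemon design discussed in this thread (example code written for this archive page, not code from Brad Arlt or any project he describes): a small privilege-separated daemon that listens on a Unix domain socket, accepts one authenticated single-line request per connection, and applies only whitelisted changes to the "critical file" (an in-memory account table here). The web tier is played by a plain Python client instead of PHP. The socket path, the tab-separated protocol, the credential store, the action names and the limits are all assumptions made for the demo.

```python
"""Gateway daemon demo: the web tier never touches the critical file.
It sends 'user<TAB>password<TAB>action<TAB>target<TAB>arg\\n' over a
Unix domain socket; the daemon authenticates, validates, and answers
with one line.  Everything below is constructed for this example."""

import hashlib
import hmac
import os
import socket
import tempfile
import threading


def _hash_pw(salt: bytes, password: str) -> bytes:
    return hashlib.sha256(salt + password.encode()).digest()


# Constructed credential store: username -> (salt, sha256(salt + password)).
# A real daemon would load this from a root-owned file the web user cannot read.
_SALT = b"demo-salt"  # constructed; use a random per-user salt in practice
ACCOUNTS = {"webapp": (_SALT, _hash_pw(_SALT, "correct horse"))}

# Only these actions exist; anything else is refused.  No flexibility needed.
ALLOWED_ACTIONS = {"setquota", "disable"}
MAX_LINE = 512  # fail fast on oversized input (the "exit at first hint of trouble" idea)

# Stand-in for the critical file the web server must never write directly.
STATE = {"alice": {"quota": 100, "enabled": True}}


def authenticate(user: str, password: str) -> bool:
    entry = ACCOUNTS.get(user)
    if entry is None:
        _hash_pw(_SALT, password)  # same work for unknown users: no timing leak
        return False
    salt, expected = entry
    return hmac.compare_digest(_hash_pw(salt, password), expected)


def process_request(line: bytes) -> bytes:
    """Parse and apply one request line; never raises on hostile input."""
    if len(line) > MAX_LINE or not line.endswith(b"\n"):
        return b"ERR malformed\n"
    try:
        fields = line[:-1].decode("ascii").split("\t")
    except UnicodeDecodeError:
        return b"ERR malformed\n"
    if len(fields) != 5:
        return b"ERR malformed\n"
    user, password, action, target, arg = fields
    if not authenticate(user, password):
        return b"ERR auth\n"
    if action not in ALLOWED_ACTIONS or target not in STATE:
        return b"ERR denied\n"
    if action == "setquota":
        if not arg.isdigit() or int(arg) > 10_000:  # bounded integer only
            return b"ERR badarg\n"
        STATE[target]["quota"] = int(arg)
    else:  # "disable" takes no argument
        STATE[target]["enabled"] = False
    return b"OK\n"


def serve_forever(srv: socket.socket, stop: threading.Event) -> None:
    srv.settimeout(0.2)  # poll the stop flag between accepts
    while not stop.is_set():
        try:
            conn, _ = srv.accept()
        except socket.timeout:
            continue
        with conn:  # one request per connection, then close
            conn.settimeout(2)
            try:
                data = conn.recv(MAX_LINE + 1)
            except socket.timeout:
                data = b""
            conn.sendall(process_request(data))


def start_daemon(sock_path: str):
    """Bind a Unix socket (local-only by construction) and serve in a thread."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)
    os.chmod(sock_path, 0o660)  # only the owner and the web server's group may connect
    srv.listen(8)
    stop = threading.Event()
    threading.Thread(target=serve_forever, args=(srv, stop), daemon=True).start()
    return srv, stop


def send_request(sock_path, user, password, action, target, arg="") -> str:
    """What the PHP page would do: one line out, one line back."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(sock_path)
        c.sendall(f"{user}\t{password}\t{action}\t{target}\t{arg}\n".encode())
        return c.recv(64).decode().strip()


def demo() -> list:
    """Full round trip through the socket; returns the daemon's replies."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "gateway.sock")  # assumed location for the demo
        srv, stop = start_daemon(path)
        try:
            return [
                send_request(path, "webapp", "correct horse", "setquota", "alice", "250"),
                send_request(path, "webapp", "wrong", "setquota", "alice", "1"),
                send_request(path, "webapp", "correct horse", "rm -rf", "alice"),
                send_request(path, "webapp", "correct horse", "disable", "alice"),
            ]
        finally:
            stop.set()
            srv.close()


if __name__ == "__main__":
    print(demo())  # ['OK', 'ERR auth', 'ERR denied', 'OK']
```

The daemon would run as the account that owns the critical file, with the socket's group set to the web server's group, so a compromised PHP page can only ask for the two actions the protocol allows and only with valid credentials; it still cannot reach the file itself.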

