Posted by Gordon Burditt on 07/20/05 21:25

>I'm currently working on desiging several web based applications that
>would be grouped into a larger web based menu system. However I'm not
>sure exactly how to go about making it as secure as possible.

"as secure as possible" typically means "disconnected from the net,
powered off, and with the hard drive smashed into a thousand pieces,
buried 5 miles underground or launched into the sun".

What security policy are you trying to enforce?

>I'm guessing most systems are setup in the following fashion. Create a
>single user account (I'll reference this account as ROOT) that has
>access to all the tables my applications will use.

That, as I understand it, is a *MySQL user* account. It has nothing
to do with a UNIX or Windows login account of the same or similar
name, except by coincidence.

>Create a table for storage of username/passwords/userid # etc etc

These are *WEB user* accounts.

>Create a table with permissions details for each user userid # so when
>the menu page is displayed it knows what programs to show to the user.

If you are basing security on "if he can't see it, he can't use
it", that's not secure. Once he sees the link for it, he can then
use it. You need to check whether he's allowed to use it before
letting him use it, right when he clicks on the link.

>At the login page have the user enter their login and password.
*WEB user*
>ROOT
*MySQL user*
>accesses the user account table and verifies the entered information is
>valid.

>So the user is now logged in and page simply displays all applications
>based on the permissions table for their userid #

When the web user attempts to use an application, a check should
be made whether he's authorized to use it. Depending on your login
setup, you may not have to re-verify the password (sessions can
handle keeping track of who the web user logged in as) but you need
to check "is user mike allowed to use the global_thermonuclear_war
application?" If not, display an error message and/or redirect
the user to the login page.

>I guess my questions are is this safe? If somebody is able to access my
>login.php page
>(really any other pre parsed .php file)

What does pre-parsed have to do with it?

>that uses the
>ROOT account to access any other table they would essentially have
>access to all applications.

>As long as I don't allow access to my web data files via any other
>method but HTTP can I ensure that my web server wouldn't allow users to
>access pre parsed PHP files?

Gordon L. Burditt

[Back to original message]