|
Posted by Peter Fox on 09/26/98 11:27
Following on from Han's message. . .
>Our app runs on end-users machines (apache2.x + php5). At this moment
>it is quite easy for someone (who has access to the console) to insert
>a couple lines of php code to steal sensitive info.
>
>Is there a way to check the integrity of the php and javascript code by
>using digital signatures/simple hash/etc. ?
>
>What do you do to verify that your code has not been changed by someone
>else and everything is leaked to a rogue site?
>
>Thanks for your help
>-Han
>
There are four issues which will have varying importance for you.
1 Detecting an intrusion/abnormal activity/ code change
2 Preventing an intrusion/abnormal activity/ code change
3 Verifying the /system/ does what it is supposed to
4 Preventing information leaks
These are very different things but need to be considered together.
Example: You have a program that through some magic sets off an alarm
when it is tampered with or used by an unauthorised person. Job done?
No.
Mr. Blackhat takes a copy and disassembles it in his workshop,
neutralises the alarms and modifies the code (which might be accessing
the database say) for his own purposes. Then he runs the copy as a
separate program and has cracked open the database or establishes a fake
trust or whatever. The original program is running perfectly smoothly
and you may never know all your doors are being unlocked by a duplicate
key. (Oh and Mr.Blackhat is not a terrorist or industrial spy but a
disgruntled employee who only wants to change the master password so
your data is inaccessible.)
A book could be written on the subject.
It has been written on the subject:
Security Engineering by Ross Anderson pub. Wiley.
It does deal a bit with technology and privacy and methods, but the
really important message is that you need to start with a threat model
and develop a set of methods for dealing with those threats... ...but
don't expect anything to be watertight. The two classic mistakes are
protecting the wrong thing from the wrong people and /relying on/
security by obscurity. This book is excellent because it makes security
*interesting* and so there's more hope that people will make the effort
to study it, keep up with state of the black art and recognise that it
needs investment.
--
PETER FOX Not the same since the icecream business was liquidated
peterfox@eminent.demon.co.uk.not.this.bit.no.html
2 Tees Close, Witham, Essex.
Gravity beer in Essex <http://www.eminent.demon.co.uk>
[Back to original message]
|