httpd-dev mailing list archives

From r..@ai.mit.edu (Robert S. Thau)
Subject Re: PUT authoring
Date Mon, 17 Jun 1996 17:43:08 GMT

  Just a thought... is there a way to use "skey" to make authoring
  secure?

There are two separate issues here.

S/Key is potentially useful as a way of authenticating clients to
servers for *any* purpose, be it submission of stuff via POST,
ordinary browsing, server administration, authoring, or whatever.  As
a matter of both policy and implementation, the handling of
protocol-level authentication in Apache is completely orthogonal
inside the server to what happens to the request (whatever it is)
after authentication succeeds.

However, authentication is not the security issue that bugs me most
about authoring --- even if someone decides (as a matter of policy) to
maintain an open directory where anyone can dump stuff anonymously, so
that authentication of individual client identities (which is what
S/Key addresses) simply isn't an issue, that doesn't mean you want
them to be able to screw around with your system in arbitrary ways.
(In fact, allowing anonymous access may actually make the problems
worse, since large public facilities tend to attract pranksters and
creeps who would be likely to abuse what holes exist).

So, the problem of designing an acceptably secure authoring system is
really figuring out how to structure it so that you can create that
directory (in which anonymous clients can upload random stuff) with
reasonable confidence that there are enough safeguards in the machinery
that neither malicious clients nor malicious local users (with direct
access to the components of the authoring system itself) will be able
to use it to install, say, a new /etc/passwd file.

(In other words, I'd like something which, unlike FrontPage, doesn't
have to have a big red warning on it which says that clients can upload
a CGI script and use it to become root).

rst
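
An added example (not from the original message and not Apache code) of one safeguard the message asks for: a PUT handler's file write that stays inside the upload directory even when a client sends `../` paths or a local user plants a symlink or hard link there. The function names, the `incoming` directory and the sample files are assumptions constructed for the illustration; it assumes a POSIX system with `O_NOFOLLOW`.

```python
import os, stat, tempfile
from pathlib import Path

class UploadRejected(Exception):
    """Target would leave the upload area or is not a plain file in it."""

DIR_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
FILE_FLAGS = os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW | os.O_NONBLOCK

def confined_put(root, relpath, data):
    """Store data at root/relpath without following any symlink."""
    parts = relpath.split("/")
    if any(p in ("", ".", "..") for p in parts):  # also rejects absolute paths
        raise UploadRejected(relpath)
    dirfd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for name in parts[:-1]:  # descend one component at a time
            nxt = os.open(name, DIR_FLAGS, dir_fd=dirfd)
            os.close(dirfd)
            dirfd = nxt
        fd = os.open(parts[-1], FILE_FLAGS, 0o644, dir_fd=dirfd)
        with os.fdopen(fd, "wb") as out:
            st = os.fstat(fd)
            # Reject devices/FIFOs and hard links to files that live elsewhere.
            if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
                raise UploadRejected(relpath)
            os.fchmod(fd, 0o644)  # no execute bits, even when overwriting
            out.truncate(0)       # truncate only after the checks passed
            out.write(data)
    except OSError as exc:  # ELOOP/ENOTDIR from a symlink, ENOENT, EPERM ...
        raise UploadRejected(relpath) from exc
    finally:
        os.close(dirfd)

def demo():  # constructed upload area with planted links (sample data)
    base = Path(tempfile.mkdtemp())
    root, secret = base / "incoming", base / "passwd"
    (root / "docs").mkdir(parents=True)
    secret.write_text("root:x:0:0\n")  # stand-in for /etc/passwd, outside root
    (root / "link").symlink_to(secret)  # file symlink planted by a local user
    (root / "up").symlink_to(base)      # directory symlink out of the area
    os.link(secret, root / "hard")      # hard link to the outside file
    results = {}
    for target in ("docs/a.html", "link", "up/passwd", "hard", "../passwd"):
        try:
            confined_put(root, target, b"<p>hello</p>")
            results[target] = "stored"
        except UploadRejected:
            results[target] = "rejected"
    results["secret_intact"] = secret.read_text() == "root:x:0:0\n"
    return results
```

This covers only where the bytes land and with what mode; whether the server will execute anything under the upload directory as CGI is a separate configuration decision.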
