List:       quanta
Subject:    Re: [Quanta] Kommander news and fund raising
From:       Andrew Lowe <andrew.lowe () manildra ! com ! au>
Date:       2008-02-27 0:26:55
Message-ID: 200802271126.55167.andrew.lowe () manildra ! com ! au

On Wed, 27 Feb 2008 10:21:05 Eric Laffoon wrote:
> On Tuesday 26 February 2008 3:01:14 pm Andrew Lowe wrote:
> > I would hope that you are not suggesting to upload projects to the
> > production server via HTTP using PHP.  PHP, and therefore Apache would
> > need write permissions to the project which would introduce a major
> > security risk...
> 
> Actually I'm suggesting using a password protected area and HTTPS. Anything
> else would be nightmarish as you would be exposing yourself to all kinds of
> evil.
> 

The problem is that the unix permissions would have to allow the webserver
to write to any directory or file that you want to be able to replace.  This
means that any script (php/perl/ruby, etc.) would be able to write to these
files (change/modify them).  This is usually not too bad if you are writing
data such as photographs or word/pdf documents to the folders, as you tell
apache that it cannot execute php/perl, etc. in that folder.  I have had a
php server exploited in the past by spammers using just this method (inject
php file into a directory, then execute it to use my host as a spammer
portal), and since then I make sure that all web-server writable folders
cannot execute scripting languages.

It only takes one file the user has uploaded in the server-writeable
directory to have a security issue to be exploited and this can happen -
wholesale replacement of the site.  The fact that the original script uses
https and a password is required does not matter if one of the uploaded
files is exploited.

> > The other option I could see this as is a PHP script on the server
> > listening on a specific port, again a potential security risk - unless
> > bugs are really kept fixed regularly.
> 
> To me it's academic as it would be up to the user to implement their
> security features and place the file. If done right it's vastly more secure
> than FTP and if done wrong... It seems any convenience can offer a downside
> of disaster.

Yes it is more secure than ftp, but in some ways not... there really is no
way to secure the site from this type of exploit if you want to use this
method of uploading php (or other executable type) files.  The directory
must be webserver writable to allow any php script to upload.  The way to
secure this would be to copy the files to somewhere not accessible via http,
then have a script running as a user other than the web server move them,
perhaps via cron, or other methods.  This would not be convenient to support
as it would be as complicated as using SVN.  An exploit in Apache or PHP
could also be used to hit this directory... and insert evil scripts...  This
is why it is recommended that apache cannot write to web folders.

> 
> > Using Rsync would be good option - it is what I tend to use for backups
> > and stuff, and works over ftp, sftp, ssh, and other protocols - just
> > using the command line.  For project synchronizing I tend to check my
> > local project into SVN and then update/check-out from the production
> > machine (and the opposite for those changes done on the production
> > machine) for - works well with PHP code (no compiling) - also make sure
> > that .svn folders are forbidden in Apache.
> 
> I use rsync with Gentoo. I should look at it and see how suitable it might
> be to make a plugin with.
> 

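running in BASH:
# Mirror the local project to the server over SSH, authenticating with a key file.
# --delete removes remote files that no longer exist locally.
if ! rsync -q -a --delete -e "ssh -q -i myssh.key" "${PROJECT_FOLDER}" \
    "${USERNAME}@${SERVER}:${PROJECT_PATH}"; then
	echo 'backup failed'
else
	echo 'backup worked'
fi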

seems to work for me - getting variables would be one of the harder parts -
I think you can specify the password on the command line - but for my backup
jobs I use keys stored in a file. (oh and watch the --delete !)

> > It would be good to understand what method you are suggesting....
> 
> Actually I'm looking for suggestions. All my preferred ways to accomplish
> this seem not to be working and my alternate choices are currently under
> investigation. In any case I want to come up with something that is easy
> for me to implement within Kommander, which I'm quite fast with, and make
> available as a plugin.
> 

Hope these comments help... 

-- 
Andrew Lowe
    System Administrator & Programmer
        Information Technology
            Manildra Group

Email:   andrew.lowe@manildra.com.au
Phone:   02 4423 8270
Mobile:  04 1323 8270
Fax:     02 4421 7760 
_______________________________________________
Quanta mailing list
Quanta@mail.kde.org
https://mail.kde.org/mailman/listinfo/quanta
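
An audit for the condition described in the message above (script files sitting in directories the web server can write to), as an added example that is not part of the original e-mail. The default user name www-data, the extension list and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find script files in directories the web server user can write to.

# Print every directory under $1 that user $2 can write to according to its
# mode bits: world-writable, owned by the user with owner-write, or
# group-writable by one of the user's groups.
writable_dirs() {
    local root="$1" user="$2" g
    {
        find "$root" -type d -perm -0002
        find "$root" -type d -user "$user" -perm -0200
        for g in $(id -Gn "$user" 2>/dev/null); do
            find "$root" -type d -group "$g" -perm -0020
        done
    } | sort -u
}

# Print script files located directly inside any of those directories.
# The extension list is an assumption; extend it to match the server's handlers.
risky_scripts() {
    local root="$1" user="$2" dir
    writable_dirs "$root" "$user" | while IFS= read -r dir; do
        find "$dir" -maxdepth 1 -type f \
            \( -name '*.php' -o -name '*.phtml' -o -name '*.pl' \
               -o -name '*.rb' -o -name '*.cgi' \)
    done | sort -u
}

# Constructed sample docroot: a world-writable upload folder holding one
# script and one image, next to a read-only code folder.
make_sample_tree() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/uploads" "$root/app"
    echo '<?php /* placeholder */ ?>' > "$root/uploads/dropped.php"
    : > "$root/uploads/photo.jpg"
    echo '<?php /* site code */ ?>' > "$root/app/index.php"
    chmod 0777 "$root/uploads"
    chmod 0555 "$root/app" "$root"
    echo "$root"
}

# Usage: sh audit.sh /path/to/docroot [web-user]   (www-data is an assumed default)
if [ "$#" -ge 1 ]; then
    risky_scripts "$1" "${2:-www-data}"
fi
```

Any path it prints is a script the web server could have written or could overwrite; an empty result means no writable directory currently holds a file with one of the listed extensions.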

