<div dir="ltr"><div class="gmail_quote">On Fri, Jan 29, 2010 at 3:06 AM, Amos Shapira <span dir="ltr"><<a href="mailto:amos.shapira@gmail.com">amos.shapira@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
My question - am I re-inventing a well-known wheel? I couldn't find<br>
anything like this when google'ing around.<br>
I know there is a lot of "security by obscurity" here, any PRACTICAL<br>
ideas on how such a system can be improved? (please spare me the "it<br>
can't be totally secure" spiel, I know that).<br>
<br></blockquote><div><br>Sorry that I am not sparing the "it can't be totally secure"...<br><br>Shouldn't your question be: "if someone managed to get root access to my machine, which is what's needed to read the key file which is chmod 600 with uid 0, what stops him from reading the key from the process memory of an already running Apache without restarting it, even if I don't store the key in a file?" <br>
</div></div><br>Not to mention that if the attacker got root access on your machine (and sometimes even less than that, enough to read your scripts with the DB credentials) - what do you care if he could read sessions between the server and the client, if all the sensitive client data is stored plaintext on the DB (or with a reversible encryption that utilizes a key in the code which equals plaintext...)<br>
<br>I mean... I don't think it's "security by obscurity" simply because I believe this measure is not obscuring anything useful...<br><br>I think you should concentrate your efforts on maximizing web scripting code quality and input validation, using multi-tier security mechanisms if possible (like web server chaining and/or privilege separation between different parts of the code that need different DB access privileges), chroot jails, watching for security advisories on the software you chose to use at all tiers (don't forget the kernel), etc... I believe it would make your security much better than fiddling with a private key file that only root can read on your server...<br>
<br>And finally, Apache is hugely bloated; the more bloat you have, the more you sacrifice in performance and, in my opinion, security. The less code that runs to serve your requests, the less chance for security issues down the road; but that's just me :)<br>
<br>-- Shimi<br></div>