Hi everyone,

since I am facing similar problems, I consider this a very useful feature. We should supply others with such ("The developer uses a simple script / personal web site to decrypt the server list") a script though.

This might also convince other sysadmins to install several Limesurvey instances (because it makes maintenance a little easier). Currently especially universities tend to offering one (mostly quite old) Limesurvey version only which they fear to update.

Best regards,
Marcel
(Limesurvey Head of Support)

Am 31.08.2013 12:11, schrieb Sam Mousa:
Hey guys,

With my customer base growing in size I'm faced with an overload of limesurvey login data.
Impossible to keep track of all the details I am spending a growing amount of time looking for specific installations' details in my mailbox.

To solve this issue I'm proposing adding a dev plugin to the set of core plugins.
Here is what I'm envisioning:

- The plugin, when enabled, adds public key authentication to limesurvey.
- Plugin configuration allows an end user to enable individual public keys.
- By default the core plugin contains a public key for each limesurvey developer (that wants his / her key to be included).
- The plugin encrypts the URL of the installation, the installation name and a user configurable description using the enabled public keys and sends them  to a central server.
NOTE: Since only the developer with the corresponding private key will be able to decrypt the server information there is no way attacking the central server could leak a list of limesurvey installations. Furthermore note that any leakage would only supply a list of LS installations and no login data, ever.

- The developer uses a simple script / personal web site to decrypt the server list and can then directly click on a link that sends him to the limesurvey installation where he logs in.
This logging in done in several steps. 
1. The script / personal website asks the installation for a (random) challenge.
2. The script / personal website encrypts the challenge using the private key and sends the encrypted message and a hash of the public key to limesurvey.
3. Limesurvey checks if the public key is known / active and tries to uses it to decrypt the reponse and obtain the challenge.


The challenge can be implemented stateless in a stateless by using symmetrical encryption or HMAC. Using symmetrical encryption will reduce information leakage in case an attacker tries to obtain a challenge manually.

Any thoughts on this? I'm convinced this is more secure for the end user than the current approach of manually adding users to his / her system and it will definitely be easier for people (forced to) support multiple limesurvey installations.

Cheers,

Sam
------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
_______________________________________________ limesurvey-developers mailing list limesurvey-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/limesurvey-developers