From: Bishop <bi...@pl...> - 2003-12-15 06:28:35
> Bishop wrote:
>>>Joby Walker wrote:
>>>>If I am mistaken about what you are storing in the cookie ... then
>>>>ignore. But I am quite worried about this development.
>>>
>>>Well, I'm not so concerned about security with this password issue,
>>>since it's only a wiki. nothing serious.
>>
>> I've just read the section of code allowing me to use the imap
>> authentication feature, which means my wiki passwords will be the same as
>> my users' imap passwords - therefore the same as their account passwords on
>> my mail server. The risk of having those passwords stored remotely or
>> passed over an insecure connection is a bit of a concern.
>
> in case of external auth no passwords are stored anywhere.
> it just checks for the correctness of the given username/password.
>
> in case of external prefs (customizable with external auth also), also
> the other prefs are not stored in any page or cookie.

Okay. as long as the cookie (can be set so that it) doesn't contain any auth info that can be grabbed from a sniffed HTTP:80 connection, that's fine.

> in case of loose PagePermissions and homepage stored prefs one could
> look at prefs of other users, with the metadata viewer plugin.

So we know we shouldn't do that.

>> PHPWiki runs well over an SSL connection, right?
>
> PHPWiki runs well over an HTTPS connection, if the images are also on
> HTTPS (no external img src). otherwise you get a lot of warnings.

Excellent. An admin who wants to secure the wiki from shenanigans, then, should
- run ssl
- use imapssl for auth (with that path o' mine)
- not set loose pagePermissions

> I never did an IMAP connection over a secured connection (SSL, TLS, ...)

That works. I'm auth'ing to my demo server with usernames/passwords on a remote imaps server (and tethereal shows it's only accessing port 993; not 143). The patch is tiny, and I'm glad phpwiki uses the standard imap_open stuff like it should - passing in 993/imaps/noverify or whatnot (see the patch) works like a dream.

> yet. imap_open does support TLS/SSL if compiled against OpenSSL.
> stunnel is the other possibility:
> see http://security.fi.infn.it/tools/stunnel/index-en.html
> If this is not possible or the imap server does not support TLS/SSL, the
> given password is passed cleartext to the IMAP server (AUTH=PLAIN), same
> as with every unsecured mail client connection.

Yeah, that's to be expected. I'm also thankful that the UW people made an IMAP daemon that the RH people could package into something I can secure easily, and I am doing my part to campaign for only imapS (and pop3S) among the users on the mail server I use. 8-)

>>>If I store sensitive data in cookies I do a symmetric encryption with a
>>>secret key at the host, generated at install time.
>>
>> Where's that part of the code? I want to make sure it's being run like it
>> should on %post in the RPM as well.
>
> in other projects of mine. in my tep addons (oscommerce.org) for
> example. not in phpwiki yet.

Okay. I'll check back if I hear of anything generated at install time, so that it's generated on installation of the package instead of make-install portion of the package-building bit, so the keys are all randomly different.
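
The IMAPS password check discussed in this message, as an added example that is not part of the original post, the patch it mentions, or PhpWiki's code. The function names and the host `mail.example.org` are hypothetical, and `/novalidate-cert` is assumed to be the c-client flag behind the "noverify" remark; with it the session is encrypted but the server's identity is not checked.

```php
<?php
// Added illustration only; names and host are constructed placeholders.

/**
 * Build a c-client server spec that forces implicit TLS on the IMAPS port.
 * $validateCert = false gives the encrypted-but-unauthenticated variant.
 */
function imaps_server_spec(string $host, int $port = 993, bool $validateCert = true): string
{
    // Allow only hostname characters so extra "/flags" cannot be injected.
    if (!preg_match('/^[A-Za-z0-9.-]+$/', $host)) {
        throw new InvalidArgumentException('invalid IMAP host');
    }
    $cert = $validateCert ? '/validate-cert' : '/novalidate-cert';
    return sprintf('{%s:%d/imap/ssl%s}', $host, $port, $cert);
}

/**
 * Verify a username/password against the IMAP server.
 * Nothing is stored: the caller only learns true or false.
 */
function imaps_check_login(string $spec, string $user, string $pass): bool
{
    // Refuse any spec without /ssl so the password never travels in cleartext.
    if (strpos($spec, '/ssl') === false) {
        return false;
    }
    // OP_HALFOPEN: authenticate without selecting a mailbox.
    // Retry count 1: one wiki login equals one IMAP login attempt.
    $conn = @imap_open($spec, $user, $pass, OP_HALFOPEN, 1);
    imap_errors(); // drain c-client's error stack so it is not dumped at shutdown
    if ($conn === false) {
        return false;
    }
    imap_close($conn);
    return true;
}

// Offline demo: print both specs; no connection is opened here.
echo imaps_server_spec('mail.example.org'), PHP_EOL;
// {mail.example.org:993/imap/ssl/validate-cert}
echo imaps_server_spec('mail.example.org', 993, false), PHP_EOL;
// {mail.example.org:993/imap/ssl/novalidate-cert}
```

`imaps_check_login()` needs PHP's IMAP extension built against OpenSSL, as noted in the quoted reply above.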