Re: [Phpwiki-talk] FootNotes, Tables, The end of PHP3, I'm still alive, etc...

[Malcolm R. <mal...@cs...>]

> 	
> Security:
> 
>   On machines where httpd runs as 'nobody' (or similar), admin.php must
>   be world readable.  This allows anyone with an account on the machine
>   access to the username and password in admin.php (same problem for
>   the sql password in config.inc).
> 
>   Is there a solution?

Well, we could do what the UNIX passwd system does, and compute and store
a hash of the password (one-way encrypted) instead of the plain-text. 

This could be done via the following (untested) change to admin.php:

   // set these to your preferences. For heaven's sake
   // pick a good password!
   $wikiadmin   = "malcolmr";
   $adminkey = "BHZ";
   $adminpasswd = "750c783e6ab0b503eaa86e310a5db73"; // Not the real value

   // Do not tolerate sloppy systems administration
   if (empty($wikiadmin) || empty($adminpasswd)) {
      echo "Set the administrator account and password first.\n";
      exit;
   }

   // from the manual, Chapter 16
   if (($PHP_AUTH_USER != $wikiadmin  )  ||
       (bin2hex(mhash(MHASH_MD5, $PHP_AUTH_PW, $adminkey)) != $adminpasswd)) {
      Header("WWW-Authenticate: Basic realm=\"PhpWiki\"");
      Header("HTTP/1.0 401 Unauthorized");
      echo gettext ("You entered an invalid login or password.");
      exit;
   }

Unfortunately, I can't test this, because none of the PHP installations 
available to me have mhash installed. 

Generating an encrypted password would require a separate program, but 
is easily done.

This is still vulnerable to dictionary attacks, but if the password is 
well chosen, it should be fairly secure. 

Malcolm

-- 
Malcolm Ryan - mal...@cs... - http://www.cse.unsw.edu.au/~malcolmr/
  AI Dept, CSE, UNSW, Australia, Phone: +61 2 9385-6906 Fax: +61 2 9385-1814

           "He causes his sun to rise on the evil and the good,
           and sends rain on the righteous and the unrighteous." - Matt 5:45