Re: [Plastic-devs] Small plastic items
From: Noel W. <Noe...@ma...> - 2006-09-14 22:33:45
On 14 Sep 2006, at 23:17, John Taylor wrote:

>> <snip>
> Certainly, Plastic is pretty insecure at the moment. I think we
> probably need to think carefully before trying to make it completely
> secure....its selling point is that it's simple, and we don't want to
> complicate it with extra baggage unless we have to. If we want an all
> purpose messaging system then perhaps we should pick one off the
> shelf.
>
> As noted on
>
> http://wiki.eurovotech.org/twiki/bin/view/VOTech/PlasticRemould
>
> there is a danger that some script kiddie could take control of
> your hub
> remotely. Even if we did randomise the RMI port, it would be easy
> enough to scan for it. So I think the best thing to do is
> a) make the .plastic file have 400 permissions
> b) disallow connections from remote machines _unless they have been
> explicitly enabled_ [there are some potential uses of this, as
> noted by
> Pierre].

In fact, it's possible to do this already using the java security policy stuff. One of the built-in permissions lets the user control the behaviour of sockets - in particular, from which ip addresses a server socket is allowed to accept a connection. I should think this cleanly controls the XML-RPC, RMI and any other network interfaces into the hub. So, by providing the user with a suitable security policy file, and showing them how to execute java with the security manager turned on, it's possible to have a secure, configurable system with no additional code.

(as you might have gathered, I'm halfway through reading 'My First Java Security For Dummies For Idiots'.)

'course, actually running java with the security manager enabled is probably beyond the ken of most users - hence me looking at installers for the workbench / hub - once users are running a shell script / shortcut / whatever, it becomes easier to pass in the security policy on the command line. Programmatically controlling the policy used is much harder, unsurprisingly.

If anyone's got some experience of this, I'd be interested.

cheers
noel.
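The mechanism Noel describes above is java.net.SocketPermission with the "accept" action: when the JVM runs with a security manager, ServerSocket.accept() asks the installed policy whether the remote address is allowed before the application ever sees the connection, so one policy file fences off XML-RPC, RMI and any other listener in the process. The following is an added example written for this archive; it is not code from the Plastic project or from anyone in the thread. The class name PolicyGuardedHub, the file name hub.policy, the port number and the host trusted.example.org are all constructed for illustration.

```java
// Added example, not Plastic project code. Hypothetical names: PolicyGuardedHub, hub.policy.
//
// Run with the security manager turned on and an explicit policy file:
//
//   java -Djava.security.manager -Djava.security.policy=hub.policy PolicyGuardedHub 31120
//
// hub.policy (constructed example; the JDK's default policy is merged in, so only
// the extra grants the hub needs are listed here):
//
//   grant {
//       // the hub may listen on an unprivileged port ...
//       permission java.net.SocketPermission "localhost:1024-", "listen";
//       // ... but may only ACCEPT connections that originate on this machine.
//       // The runtime passes the peer's IP address string to the check, so grant
//       // the loopback address explicitly as well as the name.
//       permission java.net.SocketPermission "localhost:1024-", "accept";
//       permission java.net.SocketPermission "127.0.0.1:1024-", "accept";
//       // To explicitly enable one remote machine, add a line like:
//       // permission java.net.SocketPermission "trusted.example.org:1024-", "accept";
//   };
//
// Without an "accept" grant covering the peer, ServerSocket.accept() closes the
// connection and throws SecurityException; no application code runs for it.

import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;

public class PolicyGuardedHub {

    /** True if the installed policy lets this process accept a connection from host:port. */
    public static boolean isAcceptPermitted(String host, int port) {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            // No security manager installed: the JVM performs no accept check at all.
            return true;
        }
        try {
            sm.checkAccept(host, port);
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws IOException {
        int port = args.length > 0 ? Integer.parseInt(args[0]) : 31120;
        if (System.getSecurityManager() == null) {
            System.err.println("WARNING: no security manager installed; remote clients are not filtered.");
        }
        // Bind on every interface so that the policy, not the bind address, does the filtering.
        try (ServerSocket server = new ServerSocket(port, 50, InetAddress.getByName("0.0.0.0"))) {
            System.out.println("hub listening on port " + port
                    + "; loopback accept permitted: " + isAcceptPermitted("127.0.0.1", 40000));
            while (true) {
                try (Socket client = server.accept()) {
                    // Only reached for peers the policy permits.
                    System.out.println("accepted " + client.getRemoteSocketAddress());
                    client.getOutputStream().write("hello from hub\n".getBytes(StandardCharsets.US_ASCII));
                } catch (SecurityException e) {
                    // The runtime has already closed the rejected socket; just record it.
                    System.out.println("rejected by policy: " + e.getMessage());
                }
            }
        }
    }
}
```

A quick way to confirm the manager is really active is to delete the two "accept" lines from hub.policy and restart: the hub still binds, but every connection, local ones included, is logged as "rejected by policy". Note that the policy file governs the whole JVM, so the same grants also constrain libraries the hub loads. Two caveats for anyone reading this thread today: clients reaching the hub over the IPv6 loopback need a separate "[::1]:1024-" grant, and the SecurityManager is deprecated for removal since JDK 17 and can no longer be enabled from JDK 24 onward, so on current runtimes this filtering has to move into the hub's own accept path or a host firewall.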