enkidu72, Posted September 30, 2009: Hi all... I'm coding for a site that has to be very secure. The problem is that users are sending via form a private certificate, which has to be used in the creation of a personal proxy. Files sent by a form are stored with a tmp name on the server, which is not what we want. In the case of someone gaining root access to the machine, he could retrieve and use them. We have thought about an encrypted filesystem, encrypted sessions on a remote db and much more. I'd like to know if someone has some idea... Thx in advance, David. Link to comment https://forums.phpfreaks.com/topic/176068-paranoid-session/
JonnoTheDev, Posted September 30, 2009: Use an SSL certificate on your domain and make sure your forms are requested via https. If your server is set up properly, decent firewall etc., nobody should gain root access. Do not store user uploaded files in the website document root if you do already. Change your server root password regularly and use a wheel user as opposed to root login, i.e. deny root login over SSH.
enkidu72 (Author), Posted September 30, 2009: Hi neil.johnson, all these measures are already implemented on the web site. But still it seems that's not enough. The main problem is with these files being uploaded via web and stored (even for some seconds) in the fs.
JonnoTheDev, Posted September 30, 2009: "But still it seems that's not enough. The main problem is with these files being uploaded via web and stored (even for some seconds) in the fs." Makes no sense. Where is your concern?
enkidu72 (Author), Posted September 30, 2009: I'll try to explain better... The user uploads his personal cert via a form. The certificate is then something like this: $_FILES['cert']['tmp_name'], which actually is a file stored on the Apache server. There is a (VERY) remote possibility that someone can gain root access to the web server, and so can read this file. A program uses this file to generate a personal proxy for the user.
JonnoTheDev, Posted September 30, 2009: $_FILES['userfile']['tmp_name'] "The temporary filename of the file in which the uploaded file was stored on the server." This is only temporary. Your file should be moved and re-named using move_uploaded_file(). Read http://us3.php.net/manual/en/features.file-upload.post-method.php If you have all the security mentioned above then I fail to see how anyone will gain root access to your server! Please enlighten me.
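An added example of the move-and-store step discussed above, written for this thread and not taken from the posts or from the PHP manual: it reads the upload, wipes and unlinks the temp file, encrypts the certificate with a key kept outside the web root, and stores only the ciphertext with mode 0600 under a random name. It assumes PHP 7.2 or later with ext/sodium; KEY_FILE and STORE_DIR are hypothetical paths. Whoever has root on the host can still read the key file, which is the residual risk the original poster describes; this shrinks the window, it does not close it.

```php
<?php
// Added example, not code from the thread: keep the uploaded certificate's cleartext
// off disk. Wipe and unlink the temp upload, encrypt with a key held outside the web
// root, save the ciphertext as 0600 under a random name. Assumes PHP >= 7.2 (ext/sodium).
const KEY_FILE  = '/etc/app/cert.key';   // hypothetical: 32 random bytes, mode 0600
const STORE_DIR = '/var/lib/app/certs';  // hypothetical: outside the document root
const MAX_BYTES = 64 * 1024;             // PEM certificates are small; reject larger uploads

function storeUploadedCert(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('invalid upload');
    }
    $plain = file_get_contents($file['tmp_name']);
    // Overwrite, then remove the temp file so the cleartext does not linger in /tmp.
    file_put_contents($file['tmp_name'], str_repeat("\0", strlen((string) $plain)));
    unlink($file['tmp_name']);
    $key = file_get_contents(KEY_FILE);
    if ($plain === false || $key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('cannot read upload or key');
    }
    $nonce  = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = sodium_crypto_secretbox($plain, $nonce, $key);
    sodium_memzero($plain);  // clear the cleartext and key from PHP's memory
    sodium_memzero($key);
    $path = STORE_DIR . '/' . bin2hex(random_bytes(16)) . '.bin';  // random, user-independent name
    $old  = umask(0077);                                            // file is created as 0600
    $ok   = file_put_contents($path, $nonce . $cipher, LOCK_EX);
    umask($old);
    if ($ok === false) {
        throw new RuntimeException('cannot write to store');
    }
    return $path;
}

// Decrypt only when the proxy generator needs the certificate; the caller should
// sodium_memzero() the result and unlink($path) as soon as the proxy has been issued.
function loadCert(string $path): string
{
    $blob  = (string) file_get_contents($path);
    $key   = (string) file_get_contents(KEY_FILE);
    $n     = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    $plain = sodium_crypto_secretbox_open(substr($blob, $n), substr($blob, 0, $n), $key);
    sodium_memzero($key);
    if ($plain === false) {
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}
```

Overwriting a temp file is best effort on journaling filesystems and SSDs, so the real gain comes from removing it immediately and never writing the cleartext anywhere else.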
enkidu72 (Author), Posted September 30, 2009: The file will be moved, but still will reside on the server. The security issue is just a "political" problem. This portal and the certificates are of the max importance; with them you "could" access hundreds of computers all over the world. So my chiefs (who are not IT) want the max security you can think of. The code is encrypted. The session itself is a problem because it resides on the server, so we encrypt and move them to a database on another machine physically connected to the web server that accepts connections only from one ethernet NIC.
jon23d, Posted September 30, 2009: Transferring a file to the server will result in... a file transferred to the server.