I have a web application I am considering revisiting. I am concerned that one of the points in the security of the application may be overkill. This application runs on Linux/Apache.
The application runs through SSL only.
Each user can access a part of the filesystem hierarchy, top down from the points they can access. Kind of like the /home/user setup, only the hierarchies are much deeper.
The system recognizes that each user has these points they can access top down within the filesystem hierarchy.
- Users log in by providing a password, a username and passing a captcha test.
- The user logs in and is presented with a choice of these points, these directories from which point down within these hierarchies they can read files. They can select one of these choice codes, which are garble to the client because they have been encrypted on the server using a unique per-session key (and offered to the client).
- When they make a selection (imagine /home/user/books), what the client selects as '/home/user/books' is actually sent to the server as 'garblegarblegarble'.
The server receives this, looks up their decryption key in the session (stored on the server) and decrypts 'garblegarblegarble' back into /home/user/books.
- After this, the server checks that the user registered in this session actually *has* rights to read /home/user/books before it proceeds.
Every time the user changes to a different place or file in the hierarchy, the whole process is repeated.
What I was trying to protect against by encrypting the requested paths:
A user who has been validated could be an attacker.
If they can read /home/user/books but not /home/user, and they requested /home/user, they are denied because the system registers that this user cannot read it. Because the information to *make* the request for /home/user is already a string encrypted by the server with a unique per-session key, the possible attacker can't even *make* the request for /home/user, because their request will decrypt to garble at the server.
I am already running this via SSL only, and checking that the users can indeed read what they ask for, so I am wondering whether I should not be encrypting and decrypting the request data, if this is just an added step that slows everything down (halfway slower).
I'm sorry for the long story, I can't figure out how to shorten it. Any opinions? I would greatly appreciate it.
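A sketch of the two server-side steps the post describes (opaque per-session choice codes, then the rights check), written as an added example in Python; it is not the poster's code. It uses a per-session random token table instead of encryption, constructed sample users and paths, and shows the rights check rejecting a path that resolves above the user's entry point even when the server itself issued the token.

```python
import os
import secrets
from typing import Dict, List, Optional

# Constructed sample data for this example: each user has a set of
# "entry points" in the filesystem below which they may read.
USER_ROOTS: Dict[str, List[str]] = {
    "alice": ["/home/alice/books", "/srv/shared/reports"],
}

class Session:
    """Server-side session: holds the user and the per-session token table."""
    def __init__(self, user: str) -> None:
        self.user = user
        # token -> path. Tokens are random and only meaningful in this
        # session, so a client cannot forge one for a path it was never offered.
        self.choices: Dict[str, str] = {}

def offer_choices(session: Session) -> Dict[str, str]:
    """Build the opaque choice codes shown to the client for the user's roots."""
    session.choices = {secrets.token_urlsafe(16): root
                       for root in USER_ROOTS.get(session.user, [])}
    return dict(session.choices)

def offer_subpath(session: Session, path: str) -> str:
    """Issue a token for a directory or file the user is navigating into."""
    token = secrets.token_urlsafe(16)
    session.choices[token] = path
    return token

def is_within_roots(user: str, requested: str) -> bool:
    """Rights check: the normalised path must equal one of the user's roots or
    lie beneath it. commonpath defeats '..' segments and sibling-prefix tricks
    such as /home/alice/books2. On a real deployment use os.path.realpath as
    well, so symlinks inside a root cannot point outside it."""
    canonical = os.path.normpath(requested)   # collapses '.' and '..'
    for root in USER_ROOTS.get(user, []):
        root = os.path.normpath(root)
        if os.path.commonpath([root, canonical]) == root:
            return True
    return False

def resolve_request(session: Session, token: str) -> Optional[str]:
    """Server side of a request: map the token back to a path, then check
    rights. Returns the path to read, or None if either step fails."""
    path = session.choices.get(token)
    if path is None:            # never issued in this session -> 'garble'
        return None
    return path if is_within_roots(session.user, path) else None
```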