Re: SOAP::Lite - securest authentication route...

Your outer layer of security sounds fine. You should also make sure that:

Your application is secure. The application should be very carefully written, should use taint mode, etc.
Your server is secure. Make sure other services are locked-down, it's probably behind a firewall, running only necessary services. You should be running a secure operating system, probably some kind of Unix. Also make sure you have a procedure for regularly updating the installed components of your OS, such as Debian's apt-get or RedHat's up2date.
Your network is secure. Your router and switches should be reasonably well-protected, etc.
Your clients are secure. Make sure they're running secure OS's, if possible, and are regularly updated. If one of your clients is taken over by the latest virus and an intruder gains access to the keyboard and screen of the machine, all of your other security is worthless.

If you want to do MAC-level filtering, it's probably best to do that at the OS/firewall level; that information isn't readily available to a userspace program. Of course this will only work for machines on the same LAN as you, and users can change their MAC address, so this doesn't add too much.

Comment on Re: SOAP::Lite - securest authentication route...

Replies are listed 'Best First'.
Re: Re: SOAP::Lite - securest authentication route... by matija (Priest) on Apr 20, 2004 at 07:03 UTC
While I agree with the rest of your post, I want to comment on your last point: One should never assume the clients are secure. Always (if at all possible) treat clients with utmost suspicion, and that means not trusting any data you get from the clients unless it checks with the stuff you know. Taint checking all the input should go without saying. Assuming the client is out to get you not only protects you from clients that have been taken over by black hats, but also from bugs in the client...	[reply]
Re: Re: Re: SOAP::Lite - securest authentication route... by sgifford (Prior) on Apr 20, 2004 at 15:18 UTC
I agree that the script should never assume the client is secure, as an essential component of a security-in-depth strategy. However, a secure client really is necessary for making sure only authorized users use the script. A compromised computer may be under an unauthorized user's control, but have a permitted IP address and access to the password or the SSL certificate.	[reply]