|Newbie questions about Pliant
How does Pliant validate users
|Message posted by maybe Marcus Santos on 2002/11/05 17:42:27
|I was wondering how pliant knows which user is accessing a password protected
For example if a user logs in. How does pliant know that it is the user
who just logged accessing the password protected page?
This question also poses another on what methods pliant uses to manage
browser sessions. How secure are they?
|Message posted by maybe Hubert Tonneau on 2002/11/05 17:48:50
|The browser will provide the user and password in each HTTP request header.
They are clear text.
There is a hash based authentification method defined in HTTP, but it's
supported by very fiew browsers, so I've never found really usefull to finish
Pliant implementation. The downside of hash authentification is that the user
password must be stored on the server disk whereas with clear password, storing
a digest of it is enough.
Use the Pliant trace mechanism, and see the 'Authorization' option passed with
each HTTP request.
|Message posted by maybe Marcus on 2002/11/05 19:16:15
|Does this solution you have used create an open door for someone to hack in?
How does other similar solve this problem?
|Message posted by maybe Marcus on 2002/11/05 19:20:47
|Let me rephrase my last question:
How do other similar systems solve this problem?
|Message posted by maybe Hubert Tonneau on 2002/11/05 20:11:51
|Well, clear password is very vulnerable to man in the middle attack.
Some hackers may succeed to corrupt some routers on the internet, then use
these to collect many many passwords through listining the traffic on these
According to me, it is not reasonable to let somebody upload a .page file
to a Pliant server using clear password, because anybody that can get
the password will probably be abble to get full control of the Pliant process.
The classical solution is SSL.
The Pliant solution is the Pliant secured proxy.
Both solutions will exchange a shared secret key using a public/private key
pair, then use this shared secret to cypher all the traffic.
Now, nothing is perfect, and the public/private key pairs also have a weak part
wich is exchanging the public key.
SLL provides a very sophisticated way to do that, but most users can be
fooled because they don't understand the all SSL thing.
Pliant basically provides no special way to exchange the public keys: each
server contains it's own keys database and you are responsible to decide
the best way to feed it.
The last point is that it is of no use to protect the servers more than the
computer you use for everyday work: one who would like to get control on one
of your servers will probably first try to get a virus in your desktop system
so that he can then collect all your account informations, including passwords
through listening the keyboard.
Now, assuming that Pliant process got corrupted, then Unix security applies.
If the Pliant process runs as root on the Linux computer then all the machine
is compromised. If it runs as a simple user, then Linux security might prevent
the acker to get the control of the all machine, and more important might
prevent to hide the fact that the site is compromised.
I'm currently working on a 'logical server' notion in FullPliant in order
to run various Pliant web sites as normal chrooted user.