Apps Messaging: security
John Taylor
jontayler at gmail.com
Tue Apr 10 05:59:18 PDT 2007
On 10 Apr 2007, at 13:49, Mark Taylor wrote:
> On Tue, 10 Apr 2007, John Taylor wrote:
>
>>> actually that would be OK, and maybe tidier - we're vulnerable to
>>> brute force in any case (app.exec(secret-id,args="rm -r .")). We
>>> can just recommend that secret-ids ought to be hard to guess.
>>
>> I guess so - I was thinking that a brute force attack on the
>> former allows you to get a particular application, while in the
>> latter the bad guy can't be sure which app you'll get. I guess
>> there's not much of a difference... Anyway, all we're trying to do
>> is stop one application spoofing another. A malicious application
>> can still register legitimately and send a naughty command. I
>> don't see any way of stopping that - if you're going to run dodgy
>> software it can execute "rm -r" on its own without our help!
>
> This does a bit more than that - the malicious application can only
> register if it knows hub-secret.
Sorry - I was referring to malicious apps running under the user's uid.
Anyway, here's the latest version:
http://www.ivoa.net/twiki/bin/view/IVOA/ApplicationsMessagingHighLevelProtocol
> In the PLASTIC as it stands any process who can see the XML-RPC
> port can do that, and it may be running for a different user.
We do obfuscate the URL, so they'd still need to crack that. I don't
think there's any protection on the RMI port though.
> Admittedly you could solve that by
> just passing hub-secret around with all calls, but you'd still want
> to have an application ID, and this effectively combines the two,
> as well as formalising the question of whether it is permissible
> to spoof.
>
> --
> Mark Taylor Astronomical Programmer Physics, Bristol University, UK
> m.b.taylor at bris.ac.uk +44-117-928-8776 http://www.star.bris.ac.uk/~mbt/
>
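
An added example, not part of the original message or of any PLASTIC/IVOA code, sketching the scheme discussed in this thread: registration requires hub-secret, and every call is authenticated by a hard-to-guess secret-id that the hub maps to a public application ID. The `Hub` class, its method names, the ID format and the token sizes are assumptions made for illustration.

```python
import hmac
import secrets


class Hub:
    """Toy hub (hypothetical API): hub-secret gates registration, secret-id gates calls."""

    def __init__(self):
        # Assumption: hub-secret reaches legitimate apps out of band (e.g. a user-only file).
        self.hub_secret = secrets.token_urlsafe(32)
        self._public_id_by_secret = {}  # private secret-id -> public application ID

    def register(self, hub_secret, name):
        # Constant-time comparison so response timing does not leak hub-secret.
        if not hmac.compare_digest(hub_secret.encode(), self.hub_secret.encode()):
            raise PermissionError("bad hub-secret")
        secret_id = secrets.token_urlsafe(32)  # 256 random bits: guessing is impractical
        public_id = f"{name}-{len(self._public_id_by_secret) + 1}"
        self._public_id_by_secret[secret_id] = public_id
        return secret_id, public_id

    def send(self, secret_id, recipient_public_id, message):
        # The sender is derived from the secret-id, never from a caller-supplied name,
        # so one registered application cannot claim to be another.
        sender = self._public_id_by_secret.get(secret_id)
        if sender is None:
            raise PermissionError("unknown secret-id")
        if recipient_public_id not in self._public_id_by_secret.values():
            raise LookupError("unknown recipient")
        return {"from": sender, "to": recipient_public_id, "message": message}


def demo():
    hub = Hub()
    _, viewer_id = hub.register(hub.hub_secret, "viewer")
    table_secret, table_id = hub.register(hub.hub_secret, "table")
    delivered = hub.send(table_secret, viewer_id, "load")
    outcomes = []
    for attempt in (
        lambda: hub.register("guess", "evil"),           # wrong hub-secret
        lambda: hub.send(table_id, viewer_id, "load"),   # public ID used as a credential
    ):
        try:
            attempt()
            outcomes.append("accepted")
        except PermissionError:
            outcomes.append("rejected")
    return delivered["from"] == table_id, outcomes
```

As the thread notes, this only stops one application spoofing another; a process running under the user's uid that can obtain hub-secret still registers legitimately.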