[plug] Is this secure

craig at postnewspapers.com.au
Fri Dec 14 12:58:21 WST 2001


My implementation might interest you. Nothing special, but I had to
accept CC numbers over the web for our classified ad pages.

All access by the user is over https. It is blatant, insane idiocy to
use unencrypted http for this sort of thing.

The form results are parsed by a perl cgi script, and are _never_
written to disk. The script builds an eMail, encrypts it with gpg, and
sends it to the appropriate address here. No data is stored on the
webserver. The mailserver is behind the firewall, and only one person
has the private key and passphrase needed to read the mail from the
server.

This is not paranoid enough, but I don't have the resources to do things
like write a C program to run suid to a unique uid and lock its memory
to prevent being swapped out. I'm working on the theory that if the box
is compromised, they can just replace or modify the script anyway. So
keep the box secured, and keep a good eye on tripwire.

-- 
Craig Ringer
IT Manager
POST Newspapers
http://www.postnewspapers.com.au/
http://oberthur.dyndns.org/~craig/
GPG Key Fingerprint: AF1C ABFE 7E64 E9C8 FC27  C16E D3CE CDC0 0E93 380D
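
The pipeline described in the message above (form fields to gpg to mail, with no file written), as an added example; it is not Craig's script. The recipient address, binary paths, form field names and the HTTPS environment check are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: form fields -> gpg over pipes -> sendmail, no temp files.
use strict;
use warnings;
use CGI ();
use IPC::Open2 qw(open2);

# Assumed values, not from the original post.
my $RECIPIENT = 'ads@example.com';      # placeholder; public key must be in the web user's keyring
my $GPG       = '/usr/bin/gpg';
my $SENDMAIL  = '/usr/sbin/sendmail';

$CGI::POST_MAX        = 4096;  # small form; also keeps the plaintext under the pipe buffer
$CGI::DISABLE_UPLOADS = 1;     # file uploads would be spooled to disk

my $q = CGI->new;
# Refuse requests that did not arrive over TLS (mod_ssl-style HTTPS=on; server dependent).
unless (lc($ENV{HTTPS} // '') eq 'on') {
    print $q->header(-status => '403 Forbidden', -type => 'text/plain'), "HTTPS required\n";
    exit;
}

# Hypothetical field names. Newlines are flattened so one field cannot fake another.
my $plain = '';
for my $f (qw(name card_number expiry ad_text)) {
    my $v = $q->param($f) // '';
    $v =~ s/[\r\n]+/ /g;
    $plain .= "$f: $v\n";
}

# List-form exec: no shell is involved, and the plaintext travels on stdin only.
# Only the public key is needed here; the private key stays off the web server.
my $pid = open2(my $from_gpg, my $to_gpg,
    $GPG, '--batch', '--no-tty', '--armor', '--trust-model', 'always',
    '--recipient', $RECIPIENT, '--encrypt');
print {$to_gpg} $plain;
close $to_gpg;
my $cipher = do { local $/; <$from_gpg> };
waitpid $pid, 0;
die "gpg failed\n" if $? != 0 || !defined $cipher || $cipher !~ /BEGIN PGP MESSAGE/;

# Mail only the ciphertext; if encryption failed we never reach this point.
open(my $mail, '|-', $SENDMAIL, '-t', '-oi') or die "sendmail: $!\n";
print {$mail} "To: $RECIPIENT\nSubject: Classified ad order\n\n$cipher";
close $mail or die "sendmail exited with an error\n";

print $q->header(-type => 'text/plain'), "Order received\n";
```

The plaintext still sits in the Perl process's memory and can be swapped out, which is the residual exposure the message acknowledges.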