Re: [Gnue-dev] Appserver/Common Issues
From: Jan Ischebeck
Subject: Re: [Gnue-dev] Appserver/Common Issues
Date: Thu, 21 Nov 2002 00:46:56 +0100
User-agent: KMail/1.4.3
Stanley,
I'll comment inline :)
On Thursday, 14 November 2002 19:20, Stanley A. Klein wrote:
<snip>
> >I. Security:
> >
> >Requirements
> >1. user authentication (not only against a database)
>
> Authentication should best come from the operating system based on
> pass-through functions. Second best is authentication coming from the
> database. Authentication across a network can be done using systems
> designed for that purpose that work with the operating system.
IMHO the main job of the operating system is to provide a secure environment;
authentication can be done by the operating system, but it doesn't have to be.
The security provided by authentication done just in the operating system is
not necessarily higher than when authentication is done by something
else.
I think authentication consists of two steps:
1. getting authentication information
2. verifying the authentication information
The main security risks for 1. are:
a) authentication information is copied (a keylogger logs the password
you've typed)
b) fake authentication information is read in (use of water in a plastic
bag to trick a fingerprint scanner)
The main security risks for 2. are:
c) the communication is intercepted and a fake "user is authenticated"
message is sent back
d) the authentication verifier itself gets modified.
All steps should be made equally secure.
>
> Note that authentication only provides some confidence that the user is who
> the user claims to be, or that the message comes from where it purports to
> come from. Can it be falsified or defeated? Of course, if the attacker
> wants to spend enough time and money.
<sssnippp>
> Perhaps I don't understand the new appserver and 3-tier architecture well
> enough to be able to comment on this. I don't know what is meant by an
> "authentication adapter," but refer to my remarks above on authentication.
> For a while I seemed to get the impression that the new 3-tier appserver
> interface would look more like the 2-tier interface than the old appserver
> interface did. Now, I think my impression may be incorrect.
An authentication adapter in appserver does the second step of user
authentication: it verifies some user authentication information against
some kind of backend.
>
> From a security viewpoint, the difficulty with the old appserver (and the
> reason I think access control may be a major challenge) is that the mapping
> of data items from the user side of appserver to the database side seems to
> be complex, implying that appserver has to do some of its own access
> control. Unless those access control functions can be pass-throughs from
> the operating system or can be isolated in files that can be well protected
> by the operating system, the appserver is likely to be much more vulnerable
> to attack than the 2-tier approach.
The difference between a 2-tier and a 3-tier approach in terms of security is
that some of the functions on the local/client side of a 2-tier are moved to
a more secure place in the middle.
Appserver, like databases, should run on a server in a special room which
doesn't allow physical access to the hardware. It should check the integrity
of data provided by a client, and allow a more fine-grained access
restriction system than a database. It could also be used to bind a client to
a fixed workflow. By that it would make the data you have more secure than in
a 2-tier approach.
>
> Stan Klein
Jan
------------------------
Jan Ischebeck e-Services
address@hidden
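As an added illustration of the "authentication adapter" Jan describes (example code written for this page, not GNUe appserver code), the adapter performs only the second step, verifying credentials against a backend, while the server, not the client, decides the outcome and hands back an opaque session token, so a forged "user is authenticated" message from the client side (risk c above) carries no weight. Class and function names, and the user table, are assumptions constructed for the example.

```python
import hashlib
import hmac
import os
import secrets
from typing import Dict, Optional, Protocol, Tuple


class AuthAdapter(Protocol):
    """Second authentication step: verify credentials against a backend."""
    def verify(self, user: str, credential: str) -> bool: ...


class HashedPasswordAdapter:
    """Backend holding only salted PBKDF2 hashes (constructed in-memory table)."""
    def __init__(self) -> None:
        self._users: Dict[str, Tuple[bytes, bytes]] = {}

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[user] = (salt, self._derive(password, salt))

    def verify(self, user: str, credential: str) -> bool:
        entry = self._users.get(user)
        if entry is None:
            # Derive anyway so unknown users cost as much as wrong passwords.
            self._derive(credential, b"\0" * 16)
            return False
        salt, expected = entry
        return hmac.compare_digest(self._derive(credential, salt), expected)


class AppServer:
    """Owns the adapter; clients send raw credentials and get a token back."""
    def __init__(self, adapter: AuthAdapter) -> None:
        self._adapter = adapter
        self._sessions: Dict[str, str] = {}

    def login(self, user: str, credential: str) -> Optional[str]:
        # The verdict is computed here; no client-supplied flag is consulted.
        if not self._adapter.verify(user, credential):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        return token

    def user_for(self, token: str) -> Optional[str]:
        return self._sessions.get(token)
```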