dumb++ security

From: Buffy The Cache Coder (buffcoder@hotmail.com)
Date: 02/20/02


From: buffcoder@hotmail.com (Buffy The Cache Coder)
Date: 20 Feb 2002 13:50:51 -0800

Hello.

I need some suggestions on how to make my company's product
more secure from hackers. Currently our software
consists of several batch programs that are usually run
from the command line.

These programs read a username/password from a text file in a
user's home directory. This information is used to log into an Oracle
or Sybase database. If the user doesn't have permission
to connect to either database, the program doesn't run.

The powers-that-be will be satisfied if I can have something
slightly better than looking up a username and password from
a file. They want something in-house for now that can
be run on NT too. So what I need is a simple solution,
but I'm lost for ideas. Any help?

Also, what about the situation where a user starts
a server from the command line which connects to the
database/some server to perform task A.

How can I ensure that the user has permission to do
task A? How can I prevent a user who has permissions
but is now 'evil' from writing their own server,
logging into the system and doing something bad?

Any suggestions, or what literature to read, would
be good. Again, they want me to make something in-house,
and I'm not about to get a PhD in mathematics to
learn cryptography, if it can be avoided :)

Thanks.


