Re: Password / access rights check
From: Ben Mord (benmord_at_earthlink.net)
Date: 09/09/03
Date: Mon, 8 Sep 2003 20:04:36 -0400
"Simon Johnson" <Ckwop@hotmail.com> wrote in message
news:f5668ae7.0309080757.476687d4@posting.google.com...
> alex221@pisem.net (Alex Prokhorov) wrote in message
> news:<a502d884.0309072223.6839d811@posting.google.com>...
> > Hello.
> > I need to add security to my project and haven't done this before.
> > What I have to do is to grant different users different levels of
> > access to the features of the program. It is clear for me how to do it
> > in case of simple allowed/denied access to the program. I just create
> > a text file with usernames and md5 hash of their passwords. But how and
> > where to store access options? I suppose, that access options must be
> > encrypted too (or maybe I'm not right?). Additionally I need an option
> > for the admin to arbitrarily change access options for users without
> > knowing their passwords. Anyone could please direct me. Thanks.
> > Alex221
>
>
> Use public key cryptography. Sign the permissions with the
> administrator's private key. You can write the program to check the
> correct public key is installed by checking the permissions signatures
> verify properly.
>
> Simon.

Simon - It doesn't make sense to sign the permissions unless you also sign
the password hashes (or use a keyed hash). Otherwise, someone who is able to
modify this file would simply change the password on an account with the
desired access level. If you did sign both, you would need to sign them
together to prevent someone from swapping a privileged account's access
level with theirs. But even in this situation, it is practically impossible
to defend against an attacker who has unrestrained access to the same
system's hard drive that also hosts the program itself - they could just
modify the access logic itself. In light of these considerations, it
probably makes more sense to rely on non-cryptographic measures to protect
the integrity of this data, in most situations. (There might be an
exceptional situation, e.g. under some threat models if the file were
remotely stored on another file server for some reason, or perhaps mounted
RW while the software is on a partition mounted read-only...)

Alex - hashing passwords prevents someone with unauthorized knowledge of
your file's contents from gaining unauthorized access. Depending on your
specific requirements, you might not care that much if this same person has
knowledge of a user's access level. One reason why you might care is that it
allows the attacker to focus their attacks only on those accounts with the
desired access, and it might also tell them which user they should beat up
or bribe to gain the desired access. But depending on your context, you
might or might not care much about these issues.
Ben
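
The point above about signing the password hash and the access level together, as an added example that is not part of the original post: HMAC-SHA256 stands in for the keyed hash, and the key, record layout and function names are assumptions made for illustration. It checks an untouched record and two edited ones against three schemes: permissions authenticated alone, each field authenticated separately, and all fields authenticated jointly.

```python
import hashlib
import hmac

# Assumption: the admin's MAC key is kept outside the account file (constructed value).
KEY = b"constructed-demo-key"

def tag(*fields, key=KEY):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") encode differently.
    data = b"".join(len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields)
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def make_record(user, password, level):
    # Constructed sample only; a real store would use a salted, slow password hash.
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    return {"user": user, "pw_hash": pw_hash, "level": level,
            "level_tag": tag(level),                 # permissions authenticated alone
            "pw_tag": tag(pw_hash),                  # password hash authenticated alone
            "joint_tag": tag(user, pw_hash, level)}  # everything authenticated together

def ok(expected, actual):
    return hmac.compare_digest(expected, actual)

def verify_level_only(r):
    return ok(tag(r["level"]), r["level_tag"])

def verify_separate(r):
    return verify_level_only(r) and ok(tag(r["pw_hash"]), r["pw_tag"])

def verify_joint(r):
    return ok(tag(r["user"], r["pw_hash"], r["level"]), r["joint_tag"])

def tampered_records():
    admin = make_record("admin", "constructed-admin-pw", "admin")
    guest = make_record("guest", "constructed-guest-pw", "read-only")
    # Edit 1: the admin entry gets a password hash the file editor knows.
    new_pw = dict(admin, pw_hash=guest["pw_hash"])
    # Edit 2: guest's level and its tag are replaced by the admin's valid pair.
    swapped = dict(guest, level=admin["level"], level_tag=admin["level_tag"])
    return admin, new_pw, swapped

if __name__ == "__main__":
    for name, rec in zip(("untouched", "new_pw", "swapped"), tampered_records()):
        print(name, verify_level_only(rec), verify_separate(rec), verify_joint(rec))
```

Only the joint tag rejects both edited records, and none of the three helps once the file editor can also read the key or change the checking code.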