security bug in PHP-server-1.1
Norman Rasmussen
norman at rasmussen.co.za
Wed Apr 11 14:03:41 PDT 2007
On 4/11/07, Niels Berkers <niels at quotar.com> wrote:
> a quick google brought this up; software security principles:
> 1. Identify and reinforce the weakest link.
> 2. Provide defense in depth, which means you should manage software
> risk by providing redundant security solutions. Usually, one level of
> redundancy is worthwhile; whether you need more depends on your
> particular project.
> 3. Secure failure: Make sure that if the system could possibly fail,
> it will fail in a secure manner.
> 4. Least privilege: Do not give out more privileges than necessary,
> and do not extend privileges longer than necessary.
> 5. Compartmentalization: Try to keep failures in one part of a
> system from having an impact on the rest of the system.
> 6. Keep it simple.
> 7. Privacy: Don't give out any unnecessary information.
> 8. It's hard to hide secrets.
> 9. Don't extend trust easily.
> 10. Trust the community.
>
> source:
> http://www-128.ibm.com/developerworks/library/s-princ5.html
>
> Not securing data when it comes in is like sticking your head in the
> sand. I have worked too long as a web developer (for a broadcaster) to
> know; relying on just one layer of security is not the smartest move
> you can make.
I think you're confusing securing data with escaping data. Security
is: you can't read this list of email addresses because you're not an
administrator. Escaping data is: you can't inject some SQL in this
search box, and retrieve a full list of all users in the system,
including their email addresses and passwords.
FYI: Google also produced this interesting project (which was written a
good five years after the IBM article):
http://chris.vandenberghe.org/publications/csse_raid2005.pdf
--
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
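
The two controls contrasted in the reply above, as an added example that is not part of the original thread or of PHP-server's code: an administrator check on the address list, and a search box with and without parameter binding. It is written in Python with sqlite3; the table, column and function names and the sample rows are constructed assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema and names are assumptions for illustration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT, is_admin INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "alice@example.com", 1),
        ("bob", "bob@example.com", 0),
        ("carol", "carol@example.com", 0),
    ])
    return db

def is_admin(db, name):
    row = db.execute("SELECT is_admin FROM users WHERE name = ?", (name,)).fetchone()
    return bool(row and row[0])

def list_emails(db, requester):
    # Access control: only administrators may read the address list.
    if not is_admin(db, requester):
        raise PermissionError("administrators only")
    return [r[0] for r in db.execute("SELECT email FROM users ORDER BY name")]

def search_unescaped(db, term):
    # Deliberately vulnerable: the search term is pasted into the SQL text.
    sql = "SELECT name FROM users WHERE name LIKE '%" + term + "%'"
    return [r[0] for r in db.execute(sql)]

def search_bound(db, term):
    # The term is bound as a parameter, so the database only ever treats it as data.
    sql = "SELECT name FROM users WHERE name LIKE '%' || ? || '%'"
    return [r[0] for r in db.execute(sql, (term,))]

# Constructed search-box input that closes the string literal and appends a query.
CRAFTED = "zzz' UNION SELECT email FROM users --"

if __name__ == "__main__":
    db = make_db()
    try:
        list_emails(db, "bob")
    except PermissionError as exc:
        print("list_emails as bob:", exc)
    # The admin check above never runs on this path, so it cannot help here.
    print("unescaped search:", search_unescaped(db, CRAFTED))
    print("bound search:    ", search_bound(db, CRAFTED))
```

The administrator check holds for `list_emails`, yet the unescaped search returns the same addresses without ever reaching that check; binding the parameter closes that path and does nothing for authorization.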