when is secure, secure?

Lo everyone,

I wrote a custom authentication handler for PureFTPD, using a combination of
authentication methods, for about 4 different types of users.

So far, from testing it, it does look to work properly, and does it's job
pretty well (and fast).  I use #!/usr/bin/perl -W as well as use Strict, and
use warnings, and the code returns no errors or warnings when run.

I am right to presume that this basically only really tells me the my syntax
and structure of the application is right?  What's a good way to see whether
it is actually SECURE... There is a couple of lines of code that I have my
reservations about and am thus not 100% happy with the script...


--
me

0
savage
4/17/2003 6:56:01 PM
perl.beginners 29226 articles. 3 followers. Follow

2 Replies
1494 Views

Similar Articles

[PageSpeed] 33

> I am right to presume that this basically only really tells=20
> me the my syntax
> and structure of the application is right?  What's a good way=20
> to see whether
> it is actually SECURE... There is a couple of lines of code=20
> that I have my
> reservations about and am thus not 100% happy with the script...

Read up on "taint mode".
0
Luke
4/17/2003 6:58:09 PM
Try reading perlsec

And try this CGI course, that's based on security
http://users.easystreet.com/ovid/cgi_course/index.html

I'm not so good at security, but this course gave me a very good overview of
what I could be letting away.

-rm-

----- Original Message -----
From: "Chris Knipe" <savage@savage.za.org>
To: <beginners@perl.org>
Sent: Thursday, April 17, 2003 12:56 PM
Subject: when is secure, secure?


> Lo everyone,
>
> I wrote a custom authentication handler for PureFTPD, using a combination
of
> authentication methods, for about 4 different types of users.
>
> So far, from testing it, it does look to work properly, and does it's job
> pretty well (and fast).  I use #!/usr/bin/perl -W as well as use Strict,
and
> use warnings, and the code returns no errors or warnings when run.
>
> I am right to presume that this basically only really tells me the my
syntax
> and structure of the application is right?  What's a good way to see
whether
> it is actually SECURE... There is a couple of lines of code that I have my
> reservations about and am thus not 100% happy with the script...
>
>
> --
> me
>
>
> --
> To unsubscribe, e-mail: beginners-unsubscribe@perl.org
> For additional commands, e-mail: beginners-help@perl.org
>
>

0
ramon
4/17/2003 9:53:40 PM
Reply:

Similar Artilces:

How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I have learned how to protect my PC from the inside out. But what about security risks to my info 'before' it gets to my computer? Like my mail box on the server. Could someone hack into that and thumb through my mail? If so, how would I ever know? (The short story) We have a rogue employee at my work who one day decided to run the web site, she got in tight with the ISP, got tools to set and delete passwords on a protected directory on the server. Who knows if she has telnet access to other things, li...

security too secure
Name: joe Product: Firefox Summary: security too secure Comments: The security thing won't let me in this sight no matter how I accept, confirm, get certificate, etc. https://www.vtext.com/customer_site/jsp/messaging_lo.jsp Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...

Security
This is a multi-part message in MIME format. --------------080100010401000103080002 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I'm a Mac user 10.4.8 of Thunderbird 1.5.0.7 & am wondering how "Enabling FIPS" will improve my security? I can't seem to find any explanation of FIPS under Thunderbird help. -- Have a good day R Schwager --------------080100010401000103080002 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Tr...

form security against security
i have a form in my website which is to be filled by user and that form stores in database(sql server 2005). but someone told me that anyone can run script  in textboxes in that form and can damage database, so how to avoid such security lack.  it is common practice to use parameterized sql statements or stored procs to insure you are protected from sql injections attacks. if you concatenate user input directly into a sql statement, then you are at risk.Mike Banavige~~~~~~~~~~~~Need a site code sample in a different language? Try converting it with: http://converte...

Secure connections: how secure are they?
*QUOTE* ......... both useful and malicious information can be transmitted via network connections. Standard solutions protect computers against threats present in standard network connections, but aren't able to counter threats present in secure connections. Verifying the contents of a secure connection is impossible by virtue of its secure nature, as demonstrated by the different types of protection listed above. As a result, malicious data within secure channels can cause a significant amount of damage, and sometimes more than if it were to be transmitted via a standard, non-s...

Password secure...is it secure?
Yes I just got this baby and I LOVE it! Its great. I have stored all my passwords inside of it (and yes made a few backups from them in secure locations) How secure is this program really? It uses blowfish to encrypt the database but how strong blowfish? 128bits? 256? 448? Anything else I should think about it? I have putted it and its databases inside PGPdisk just to play it safe...but then again Im a paranoid. :) -- Markus Jansson ************************************ My privacy related homepage and PGP keys: http://www.geocities.com/jansson_markus/ ********...

How secure is secure enough?
July 28, 2008 (Computerworld) This story originally appeared in Computerworld's print edition. If there is a Holy Grail in the information security industry, it surely is the answer to the question, "How secure is secure enough?" It's a question that many security managers have either avoided answering altogether or tried to quickly sidestep by throwing a fistful of mainly pointless operational metrics at anyone who cared to ask. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=321921&intsrc=hm_list -- "Never d...

How secure is AuthenticationTypes.Secure?
I understand that AuthenticationTypes.Secure requests secure authentication using Kerberos or NTLM (??). However, here is a scenario I am trying to understand. Let us say that I am having a regular ASP.NET site - with SSL certificates not installed on the web server. The login sends the request out to an AD server which also does not have certificates installed. However, I have set Secure flag to AuthenticationTypes.Secure. When the username and password data gets transmitted between the application and the LDAP server, how secure are the password and username info? In other words is this in...

Secure By Design: How Guardian Digital Secures EnGarde Secure Linux
"EnGarde Secure Linux is not just another "repackaged" Linux distribution, but a modern open source system built from the ground up to provide secure services in the threatening world of the modern Internet."... http://www.linuxsecurity.com/content/view/125195/171/ ...."The Community edition of EnGarde Secure Linux is completely free and open source, and online security and application updates are freely available with GDSN registration."... http://www.engardelinux.org/modules/index/index.cgi -- js ...

Netstorage Secure then UN-Secure
Have a problem with Netstorage: I log in under the secure website of https://ipaddress:51443/oneNet/NetStorage and then after drilling down to folder, the secure web site changes to http://ipaddress:51443/oneNet/NetStorage/Documents. Why??? does it go to the unsecure site? Claudia, It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply. Has your problem been resolved? If not, you might try one of the following options: - Do a search of our knowledgebase at http://support.novell.com...

Secure page to Secure page
Name: Jonathan Email: jbeldonatopenwaterloansdotcom Product: Firefox Release Candidate Summary: Secure page to Secure page Comments: I have had several crashes going from a secure page to another secure page. The response I often get is that the page does not exist. This only seems to occur on secure pages. Browser Details: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b4) Gecko/2008030714 Firefox/3.0b4 From URL: http://hendrix.mozilla.org/ ...

java.security.Security issue
Hi, EAServer 4.2 build 42012 on NT (jdk13). This code works as a Java clientapp but not when the code is inside an EJB in EAServer? Can we register Security provider dynamically? // system var. System.setProperty("javax.net.ssl.keyStore", "<val>"); System.setProperty("javax.net.ssl.keyStorePassword", "<val>"); System.setProperty("javax.net.ssl.trustStore", "<val>"); System.setPropert("javax.net.ssl.trustStorePassword","<val>"); System.setProperty("javax.net.debug", &...

Are Security Products a Security Risk?
"Approximately 800 vulnerabilities discovered in antivirus products" http://blogs.zdnet.com/security/?p=1445 My antivirus solution Kaspersky is one of them... Sigh... :( On Mon, 21 Jul 2008 18:05:21 +0800, Ryan Ernest S. Selda said: > "Approximately 800 vulnerabilities discovered in antivirus products" > > > http://blogs.zdnet.com/security/?p=1445 > > > My antivirus solution Kaspersky is one of them... Sigh... :( This has already appeared here, on 8th July, in a thread entitled "Approximately 800 vulnerabilities discove...

Security Trends
Security Trends - What they forget to secure from L33tdawg Sat Apr 20 @ 16:45(Reads: 325) By: obscure Note: This article first appeared over at our affiliates site EyeOnSecurity.net. The original article can be found here. You set up firewalls, e-mail filtering, Intrusion Detection Systems (IDS), personal firewalls, Censor Software (both on network and personal level) and they still get in. What I'm referring to is those pesky VBS, similar worms inhibiting the Windows platform right now and maybe a few real life crackers here and there. For the network administrator, this can be a ...

Web resources about - when is secure, secure? - perl.beginners

Secure Digital - Wikipedia, the free encyclopedia
Secure Digital or ( SD ) is a non-volatile memory card format for use in portable devices, such as mobile phones , digital cameras , GPS navigation ...

Facebook To Users: ‘Add Your Phone Number To Help Secure Your Account’
Some Facebook users are seeing alerts above the Graph Search bars on their News Feeds , prompting them to “Add your phone number to help secure ...

SecuSUITE for Enterprise enables secure calling and messaging
... iOS and BlackBerry operating systems. By using the VoIP, software-based, cloud-hosted solution, employees will be able to conduct secure conversations ...

iOS apps aren’t any more secure than Android apps, study finds
A new security report from Checkmarx claims that the walled garden that is Apple's App Store may not be the safe haven it's hyped up to be. The ...

Apple's iOS just became a secure SharePoint client for enterprise IT
Regular readers will know I’m keeping an eye on Apple’s growing enterprise credentials , and it looks like iPad Pro has taken these a few steps ...

French Authorities Secure Concert Hall: 12 Freed, 100 Dead
French Authorities Secure Concert Hall: 12 Freed, 100 Dead

Hypocrite Rubio abandoned immigration reform, saying ‘secure the border first.’ Hey, Marco: It is.
... for the undocumented—and then voted against it. Now, his presidential campaign’s website has a page on immigration with the title “Secure the ...

The Dojo gateway secures your smart TV and other home devices
... mess and it's a target for hackers. The Foscam baby monitor hack reminded everyone that anything that's on a network needs to be secure and ...

FidelityVoice: A Way To Secure Retirement Income Later In Life
Turning age 70½ is an important milestone if you have a traditional IRA or 401(k). That's when you must begin taking mandatory minimum yearly ...

Secure your Internet
Secure your Internet

Resources last updated: 11/24/2015 11:04:12 AM