SECURE SERVER WEAKNESSES
BUT FIRST, SOME ASSUMPTIONS...
Just to keep things simple, we will trust that our server and browser do their
jobs properly and that nobody is yet able to crack the encrypted data.
As of this writing (December 3, 1999) 128 bit encryption is considered
to be rather secure- and more importantly, beyond our ability to control.
We will also trust that certificate authorities such as
Thawte perform their jobs properly
in investigating the company that has applied for a certificate before
HOW CAN A SECURE SERVER BE INSECURE?
Sounds almost like we are dealing with a neurotic computer, but creating
an insecure secure server is more the norm than the exception. Here are
some of the more popular holes in secure server security.
IMPROPER DATA FORWARDING
This is quite a common problem on the Internet right now. I know this
based on e-mail I get from people implementing our
BNBFORM, all purpose mail response
form on secure servers.
The problem here is twofold, but let's deal with data forwarding at
this point. After the consumer fills out the form, all of the information
is safely encrypted and transmitted to the server. The server then decodes
the data for a script such as BNBFORM to deal with. At this point, the
information is no longer encrypted, and no longer safe.
The script then e-mails the information to the form's owner as clear
text. This information is then placed at risk as it is mailed from the
server to person's e-mail box. During the information's transit, it
can be sniffed and stolen by a person running a packet sniffer. The
mail is then sent to some mail server where it sits waiting to be
picked up by the owner, and the it is again transmitted in the clear
as the owner downloads their e-mail.
The clear text information can also be viewed by any person with
administrative privledges on any system along the way.
The only solution to this problem is to re-encode the data before
it is again transmitted. BNBFORM (and most others) do not support
this function due to licensing and other legal issues having to
do with encryption.
IMPROPER DATA STORAGE
Probably the most serious risk regarding data storage has to do
with sites that are in a Virtual Host environment. Again, using
the BNBFORM as an example here are our problems.
The owner of the site uses the script's log-to-file option to
store all information in case e-mail is lost or for audit purposes.
This means that all of the information is stored on the system's
disk in a text file.
Obviously, the administrator's of the hosting company can read
what is in the file, but if the file's permissions are set
incorrectly allowing public read access, so can every other
user (possibly hundreds) that has access to that computer!
Quite often, virtual hosts do not have each site running using
it's own owner and group ID codes. This means that the web
server software runs as the same user for all the sites
located on the server. Unfortunately, this also means that
in a typical set-up, it is very easy for anyone with a site
on the same system to grab other people's data.
DIFFICULT TO DESTROY DATA
This problem also plagues virtual host situations. One would
hope that the operator of the server makes frequent backups
in case there is a hardware failure. Where do the tapes go?
Who has physical access to them? How long are they kept?
In a sense, this is the computer equivalent of a store
photocopying credit card receipts!