Diffstat (limited to 'doc/security.html')
-rw-r--r-- | doc/security.html | 67 |
1 files changed, 0 insertions, 67 deletions
diff --git a/doc/security.html b/doc/security.html deleted file mode 100644 index cdcc2d79..00000000 --- a/doc/security.html +++ /dev/null | |||
@@ -1,67 +0,0 @@ | |||
1 | <center><H3><font color='007700'>libwebserver Security</font></H3></center><BR><BR> | ||
2 | |||
3 | <A name=what><B><font color='000077'>Is it safe to use?</font></B><BR> | ||
4 | <UL>Well, I can't promise that it's a secure software since that not only depends on the software, | ||
5 | but all i can say is that wasn't found any security bug yet, this was developed intended to be secure, | ||
6 | you can use openssl (encrypted streams) to protect information that passes from webserver(lib) to client</UL> | ||
7 | |||
8 | <A name=certificate><B><font color='000077'>How do I create my own certificate?</font></B><BR> | ||
9 | <UL>You can either buy one from one of the big vendors (see your browser's stored certificates | ||
10 | for their addresses) or self-sign a self-created one. The upside of the bought | ||
11 | certificates is, that the webbrowser doesn't ask if the user wants to | ||
12 | accept that certificate, but instead checks with the certification authority | ||
13 | you bought your certificate from.<br> | ||
14 | The downside is that it costs quite a lot of money.<br> | ||
15 | To create your own certificate use openssl like that: | ||
16 | <ul><li>create a key and request:<br> | ||
17 | <pre><b>openssl req -new > foo-cert.csr</b></pre><br> | ||
18 | As "Common Name" you have to type in the name part of | ||
19 | your URL, i.e. if your web site will be | ||
20 | "https://www.libwebserver.rules:443/" the Common Name is | ||
21 | "www.libwebserver.rules". | ||
22 | <li> remove the passphrase from the key:<br> | ||
23 | <pre><b>openssl rsa -in privkey.pem -out foo-cert.key</b></pre><br> | ||
24 | <li>convert request into a signed certificate:<br> | ||
25 | <pre><b>openssl x509 -in foo-cert.csr -out foo-cert.cert -req -signkey foo-cert.key -days 356</b></pre><br> | ||
26 | <li>create .pem file:<br> | ||
27 | <pre><b>cat foo-cert.cert foo-cert.key >foo-cert.pem</b></pre><br> | ||
28 | </ul> | ||
29 | </ul> | ||
30 | |||
31 | |||
32 | <A name=tips><B><font size=4 color='770077'>Security tips</font></B><BR><HR> | ||
33 | |||
34 | <A name=racecondition><B><font color='000077'>Avoid race condition problems</font></B><BR> | ||
35 | <UL> | ||
36 | <B> What is race condition?</B> | ||
37 | <UL>A race condition occurs when two or more operations occur in an | ||
38 | undefined manner (McKusick et al. 1996). Specifically in file | ||
39 | system races the attacker attempts to change the state of the | ||
40 | file system in between two file system operations on the part | ||
41 | of the program.</UL><BR> | ||
42 | <B> How the lib determine temporary file name?</B> | ||
43 | <UL> | ||
44 | <li>generate file name (note: keep generating until it doesn't exists)<BR></li> | ||
45 | <li>check if file exists<BR> | ||
46 | -<small>attacker can create the file now, if he knows the right filename</small><BR></li> | ||
47 | <li>check if symlink exists<BR> | ||
48 | -<small>attacker can create the symlink now, if he knows the right filename</small><BR></li> | ||
49 | <li>create the file and redirect stdout to it <BR> | ||
50 | -<small>attacker can open the file and write to it</small><BR></li> | ||
51 | <li>places a lock into file (note: not in win98)<BR> </li> | ||
52 | <li>users operations, write, flush, read<BR></li> | ||
53 | <li>unlink the filename from the OS<BR></li> | ||
54 | </UL><BR> | ||
55 | |||
56 | |||
57 | libwebserver uses temporary filenames to hold and process data before send it to client, it uses the ambient variables to | ||
58 | determine temporary directory by following order "$TEMP,$TMP,$TMPDIR and the stdio.h P_tmpdir", libwebserver have several checks | ||
59 | and it locks file for avoid attackers from messing with temporary files, meanwhile is safely to change the tempdir (setting the ambient variable) | ||
60 | to an directory that is not writable for everyone and writable to lib (setenv("TEMP","/safedir"); you can do it before the web_server_run function | ||
61 | |||
62 | |||
63 | |||
64 | </UL> | ||
65 | |||
66 | |||
67 | |||
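Review bot: The temp-file guidance at lines 32-60 of the removed file (the check-then-create sequence with its noted attacker windows, and the advice to set TEMP to a directory that is not writable by everyone before web_server_run) is deleted with 0 insertions in this path-limited view, so nothing visible here replaces it. If the text has moved to another file, the commit message should say where; otherwise consider keeping at least the temp-directory advice and the certificate steps at lines 15-27 in the remaining documentation. If the content is carried over, two details are worth correcting on the way: "-days 356" at line 25 looks like a typo for 365, and the setenv("TEMP","/safedir"); example at line 60 sits inside a parenthesis that is never closed.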