FreeRadiantBunny docs

Security Design

Some data are public. Some data are private.

Philosophy of Open Security Design

Introduction

An important part of the security design is that the design is documented so as to make it easier to understand. Vulnerabilities should be spoken of up-front, in an honest fashion. Plus, the documentation could be very much a study tool, in that it could easily hold many techie explanations, such as how a system may be set up to operate on a website using an SSL certificate and the https protocol.

FreeRadiantBunny Security Design

There is plenty to sort out. So, let's get right to it. Here is the outline of our efforts to design security into the system:

Every Row Is Owned By a Username

So, we design the web application so that each row of data is associated to a username and then design access to a username so that it is password protected.

Users Manage Usernames Which Own Rows of Data.

The FreeRadiantBunny system should recognize the ownership of data. So, each row of data should be stored in the database so that each row is associated with a username. This username then needs to be associated with a system that allows a user to maintain a username.

The set-up of this username needs to be documented. A row is, in a sense, an atomic part, in that its ownership via the username cannot be shared.
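An added example (not FreeRadiantBunny's own code) of the "every row is owned by a username" rule in PHP against PostgreSQL: the owning username is part of every WHERE clause, so the database rather than the caller decides whether a row is visible or writable. The table "plant" with columns id, username and notes, the OWNED_TABLES set and the $username variable are constructed for this example.

```php
<?php
// Added example, not FreeRadiantBunny code: row ownership enforced in SQL.
// Assumed: table "plant" (id, username, notes) and a $username that the
// login layer has already established for the current user.

// Tables whose rows carry a username column. Identifiers cannot be bound as
// parameters, so the table name is checked against this fixed set instead.
const OWNED_TABLES = ['plant', 'garden_bed'];

function owned_table(string $table): string
{
    if (!in_array($table, OWNED_TABLES, true)) {
        throw new InvalidArgumentException("not an owned table: $table");
    }
    return $table;
}

// Returns the row only if it exists AND belongs to $username. A missing row
// and someone else's row look identical to the caller (null), so the
// response does not reveal which ids exist.
function fetch_owned_row($db, string $table, int $id, string $username): ?array
{
    $sql = 'SELECT * FROM ' . owned_table($table) . ' WHERE id = $1 AND username = $2';
    $res = pg_query_params($db, $sql, [$id, $username]);
    if ($res === false) {
        throw new RuntimeException(pg_last_error($db));
    }
    $row = pg_fetch_assoc($res);
    return $row === false ? null : $row;
}

// Writes are scoped the same way; the affected-row count is the ownership
// check, so there is no separate read-then-write window to get wrong.
function update_owned_notes($db, int $id, string $username, string $notes): bool
{
    $sql = 'UPDATE plant SET notes = $1 WHERE id = $2 AND username = $3';
    $res = pg_query_params($db, $sql, [$notes, $id, $username]);
    if ($res === false) {
        throw new RuntimeException(pg_last_error($db));
    }
    return pg_affected_rows($res) === 1;
}

// Usage (connection string values are placeholders):
// $db  = pg_connect('host=localhost dbname=frb user=frb_app password=CHANGE_ME');
// $row = fetch_owned_row($db, 'plant', 42, $username);   // null unless owned
// $ok  = update_owned_notes($db, 42, $username, 'watered today');
```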

Filter the Input and Enable Specific Capabilities

Then we make attempts to design the code to enable only very specific computer processing capabilities. Our fundamental security strategy is to filter the input and enable only a very specific set of capabilities, while letting all other commands fall by the wayside.

Systems Identified & Mapped

There are lots of systems with a modern web application. So many systems, it is really a wonder of technology.

Listing All of the Security Subjects To Address.

Each of these systems has its own "how to secure" literature. These documents are a terrific starting point in our quest to educate ourselves. We need to understand how the systems work, and we can do that by reading how the system potentially fails and how failure can be prevented.

This list is going to be daunting. When we read, we want to think in terms of the FreeRadiantBunny code. We can document the "map" of our data's travels through these various systems. The table aims to identify the sources of information and perhaps some of the terminology used on the map of systems.

Systems of a Modern Web Application (used when using FreeRadiantBunny)

1 browser security

Being Tested using Firefox

We use the Firefox browser. The issue is trust, and the question is what is happening to the data that you are using and the data generated while you are computing. Also, the system should be private, so that others are not informed about FreeRadiantBunny processes or even that the webapp is being used at all.

Also, the browser is the program that is making the secure connection and so this needs to be studied, understood, and considered.

Also, we need to get Firefox security updates promptly.

2 database management system security

Being Tested using PostgreSQL

The development community has a Security Information place for support.

The concept is mentioned in the documentation in Chapter 28. Security.

3 php security

Being Tested using PHP as an apache module

The concept of security is discussed in the PHP Manual - Security.

PHP is installed as an Apache module.

The PHP code makes the connection to the database.

PHP is designed to help with handling user-submitted data.

4 webserver security

Being Tested using apache in localhost context

Security considerations on the local test laptop have to do with Hardening Apache on Debian.

Being Tested using apache in hosted webserver context

Security considerations for the hosted webserver come from the knowledgebase of the hosting service.

5 operating system

Being Tested using specific versions of GNU/Linux and Mac OS 10.6

We probably have to find out the information for several servers: the operating systems of the local development computers (GNU/Linux (distro: Ubuntu security notices; desktop environment: Xfce Security Vulnerabilities), Mac OS X 10.6 (Snow Leopard) Security and Technology) and the operating system of the webserver.

Being Tested using GNU/Linux (and these systems interact in holistic fashion)

Here is some holistic information, the first of many: FOSS Network Infrastructure and Security/Introduction to FOSS and GNU/Linux. We have to be careful not to get swamped here. Obviously this literature traces back to the origins of computing.

6 login security

Being Tested using Auth.php

Using a module that is installed via cPanel: pear install Auth.

I was looking at this project, however it is too difficult for me to install using cPanel: the PHP-LOGIN project has a version called huge.

7 robots.txt security

Being Tested using a robots.txt

We could ask: Robots.txt security strategy?

8 email privacy

Being Tested using email

Because we use email to authenticate the login, we should be aware of the basics such as described here: Wikipedia: Email Privacy.


Track Client-Server Interaction

Here now I will attempt to think systematically about what is taking place. I write it down here so that I can contemplate where my thinking may be faulty or where there is a system-interaction perspective that I have not yet considered and would want to add.

My strategy will be to try to take subsets of the situation and consider what gets through.

Here then is the story. The user and the system, with the designer somewhere else. Here is the data that is generated, the commands that are executed and the general path that the data take. Gulp!

Assumptions:

given domain_name

1. In the Browser context, a User clicks on a hyperlink that contains a URL.

The URL contains the given domain_name, so continue.

2. The Browser uses a Network to make a TCP connection and to send HTTP commands to a server at the IP address implied by the given domain_name.

The HTTP command should be GET or POST.

3. The Webserver (Port 80) processes the HTTP command and this includes checking the .htaccess file in the directory in which the file resides.

Below is a reprint of the code in the .htaccess file. Note that the index.php file becomes the entry point for accessing the FreeRadiantBunny code. The last statement hides the files associated with the git application.

# Existing files and directories are served as-is (the !-f / !-d conditions);
# every other path is routed into index.php.
RewriteEngine on

# /ClassName  ->  index.php?class_name=ClassName
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^/]+)/?$ index.php?class_name=$1 [L]

# /ClassName/specifier  ->  index.php?class_name=ClassName&specifier=specifier
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^/]+)/([^/]+)$ index.php?class_name=$1&specifier=$2 [L]

# /ClassName/specifier/third  ->  ... &third_seat=third
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^/]+)/([^/]+)/([^/]+)$ index.php?class_name=$1&specifier=$2&third_seat=$3 [L]

# Any path containing ".git" is answered with 403 Forbidden. This rule is
# reached for real .git files and directories because the rules above skip
# anything that exists on disk.
RewriteRule \.git - [F,L]

What happens if a user tries to access a file other than index.php? If the requested path is an existing file or directory, the !-f and !-d conditions fail, no rewrite happens, and the webserver serves that path itself (subject to the rest of the Apache configuration). Otherwise everything goes through index.php.

4. The Webserver finds a Filename (e.g. index.php).

5. The PHP module parses the text in the index.php file and executes the code.

Refer to an expert on php security. Practice secure php coding.

5-A. The code executes in a path that uses a config file that enables classes and disables classes.

Only some classes are available. (Maybe even set it up so that the files of the not-used classes are deleted from the system.)

5-B. One php file may cause other PHP files of code to execute.

Not sure how to derive these but there should be a system class activation map showing classes included in each type of request.

5-C. The php code accesses database management system (postgres) and the specific database of a specific database user.

Refer to an expert on database security.

5-D. Text in the form of HTML is sent back to the browser. (This text references images and other media.)

Consider what could go wrong if an image or media is referenced in the webpage.

Private Data & Public Data

Some data are private. Some data are public. This document looks at how the program deals with these designations. Overall the strategy is to look at the security at many different levels.

License and Copyright Issues

The license issue probably starts here. Have a field that describes the license. Perhaps this is meta data and a polymorphic connector.

Access Control

The subject of access control: how does a user gain access to the application?

In usr/config.php, use the variable $known_class_names to limit access to PHP files.
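An added example (not FreeRadiantBunny's own index.php) of how the "filter the input and enable specific capabilities" strategy, the config file of step 5-A and the $known_class_names variable fit together: the class_name that .htaccess extracts from the URL is filtered syntactically and then matched against the enabled set, so only listed classes can be included and run. The classes/<Name>.php layout, the run() method and the filter_specifier() helper are assumptions of this example; $known_class_names is taken from the page.

```php
<?php
// Added example, not FreeRadiantBunny code: index.php as the single entry point.
// Assumed: usr/config.php defines $known_class_names as an array of strings,
// and each enabled class lives in classes/<Name>.php with a run() method.
require __DIR__ . '/usr/config.php';

// Step 1: syntactic filter. A class name is a bare identifier; dots, slashes
// and NULs (the ingredients of path tricks) never get as far as a comparison.
// Non-strings (class_name[]=x) are rejected too.
// Step 2: capability gate. Exact, case-sensitive membership in the enabled set;
// everything not listed "falls by the wayside".
function resolve_class_name($requested, array $known_class_names): ?string
{
    if (!is_string($requested) || !preg_match('/\A[A-Za-z][A-Za-z0-9_]{0,63}\z/', $requested)) {
        return null;
    }
    return in_array($requested, $known_class_names, true) ? $requested : null;
}

// The second URL segment is passed on as an opaque token; the class that
// receives it validates its meaning (e.g. whether it is a valid row id).
function filter_specifier($specifier): ?string
{
    if (!is_string($specifier) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $specifier)) {
        return null;
    }
    return $specifier;
}

$class_name = resolve_class_name($_GET['class_name'] ?? null, $known_class_names);
if ($class_name === null) {
    // Log the rejection (URL-encoded so a log line cannot be forged) and answer
    // 404, so a probe cannot tell an unknown class from a disabled one.
    $raw = $_GET['class_name'] ?? '';
    error_log('index.php: rejected class_name=' . (is_string($raw) ? rawurlencode($raw) : gettype($raw)));
    http_response_code(404);
    exit;
}

// Because the allowlist decided, the PHP files included for this request are
// exactly {classes/$class_name.php}: this is the request's class activation map.
require __DIR__ . '/classes/' . $class_name . '.php';
(new $class_name())->run(filter_specifier($_GET['specifier'] ?? null));
```

Deleting the files of classes that are not in $known_class_names, as step 5-A suggests, is compatible with this: a name that is listed but has no file fails at the require, while a name that has a file but is not listed never reaches it.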

Testing

Several Perl scripts are used to check the integrity of the code.

A program that automatically checks the application via the browser needs to be implemented. In my notes I have a list of major players in this arena, but they all seemed complicated to install.

Filter and Validator Strings

All of the agent classes need to obtain their strings from a parent class level filter and validation class.

Each of the classes needs to be vetted for interaction from outside and marked to version 1.3.