I'll agree with that. We used to run Tripwire on a FreeBSD server during
one of my previous jobs. Of course, Tripwire won't stop people modifying
the in-memory component, but it will alert you if the version on disk
changes. Oh, and you can run Tripwire off read-only media, so you don't
have to worry about people changing your Tripwire binaries or your
generated hashes.
Anthony Israel-Davis wrote:
Well, it sounds like what you really need is external change detection,
like Tripwire. As full disclosure, I am a Tripwire employee, so I am
biased, but there are other products out there that do this sort of
thing, such as Snort, as well as open source versions of Tripwire (see
sourceforge.net).
The method Nathan suggested would work, but you'd need to know that what you
are hashing is in a known and trusted state (which I think he
mentioned). Once you know the file is good you can compare against that
hash. If an update is made you will need to update that hash if the
update is "approved", or roll back the code if it is unauthorized.
Again, there is software out there that does exactly this sort of thing,
but it's not impossible to roll your own with CF. I think you would want
to dedicate a separate server instance to doing this sort of
thing, maybe using the asynch gateway. I doubt you'd want to dedicate the
overhead in a real-time production environment with external users.
Feel free to email me offline if you have specific questions about
Tripwire, and forgive me if this is somewhat incomprehensible - Oregon
Brewers Festival is going on and I'm just back from lunch...
Anthony
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of [EMAIL PROTECTED]
Sent: Friday, July 29, 2005 12:27 PM
To: [email protected]
Subject: [CFCDev] Digesting components
Forgive me if this has been asked before. I need to check that a component
has not been altered. I have a security object that authenticates users,
but I want to double check that my object hasn't been tampered with.
Let's say my security object resides in server memory:
<cfset server.security = createObject("component", "objects.security")>
Before I make the call
server.security.authenticateUser(username, password)
I'd like to do something like
<cfif hash(server.security) neq "E3435345CC89AEE62345CC89AE345CC8">
<cfthrow message="Tampering has been detected">
<cfelseif not server.security.authenticateUser(username, password)>
<cfthrow message="Username and password are not valid">
</cfif>
Obviously hash() won't work, and I've been trying to use one of the Java
message digest calls, digest = CreateObject("java",
"java.security.MessageDigest"), but haven't gotten it to work with
converting the component to something the digest will take. Any
suggestions as to what I could do?
Jason Cronk
[EMAIL PROTECTED]
----------------------------------------------------------
You are subscribed to cfcdev. To unsubscribe, send an email to
[email protected] with the words 'unsubscribe cfcdev' as the subject of
the email.
CFCDev is run by CFCZone (www.cfczone.org) and supported by CFXHosting
(www.cfxhosting.com).
CFCDev is supported by New Atlanta, makers of BlueDragon
http://www.newatlanta.com/products/bluedragon/index.cfm
An archive of the CFCDev list is available at
www.mail-archive.com/[email protected]
----------------------------------------------------------
--
Haikal Saadh, Applications Programmer
Teaching and Learning Support Services
K405, Queensland University of Technology, Kelvin Grove Campus
[EMAIL PROTECTED], 3864 8633
CRICOS No. 00213J
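The procedure Anthony describes (hash a known-good copy, store the hash, compare before use, re-baseline only on an approved update) and the file digest Jason was trying to compute, worked through as an added example. This is illustration code in Python rather than CFML, and it is not code from the thread or from Tripwire. The component source, the directory layout objects/security.cfc and the signing key are constructed for the example. It goes one step past the thread by HMAC-signing the stored baseline, so that whoever can rewrite the .cfc cannot also rewrite the stored hash to match without the key (the same property Haikal gets from keeping Tripwire's hashes on read-only media).

```python
import hashlib
import hmac
import json
import os
import tempfile

# Constructed stand-in for objects/security.cfc (not from the thread).
SAMPLE_CFC = b"""<cfcomponent>
  <cffunction name="authenticateUser" access="public" returntype="boolean">
    <cfargument name="username" type="string" required="true">
    <cfargument name="password" type="string" required="true">
    <cfreturn false>
  </cffunction>
</cfcomponent>
"""


def file_digest(path, algorithm="sha256"):
    """Hex digest of the bytes on disk, read in chunks so large files are fine."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Relative path -> digest for every .cfc under root.
    Run this only against a tree known to be clean (e.g. a fresh deploy from
    source control): whatever it records becomes the definition of 'good'."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".cfc"):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                baseline[rel] = file_digest(full)
    return baseline


def sign_baseline(baseline, key):
    """HMAC-SHA256 over canonical JSON of the baseline. The key stays with the
    checker (separate box, read-only media), not on the web server, so editing
    security.cfc and then editing the stored hash to match does not pass."""
    canonical = json.dumps(baseline, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, "sha256").hexdigest()


def load_baseline(baseline, tag, key):
    """Refuse a stored baseline whose HMAC does not verify."""
    if not hmac.compare_digest(sign_baseline(baseline, key), tag):
        raise ValueError("baseline altered or signed with a different key")
    return baseline


def verify(root, baseline):
    """Compare the tree against the baseline; an empty list means all matched."""
    current = build_baseline(root)
    findings = []
    for rel, expected in baseline.items():
        actual = current.get(rel)
        if actual is None:
            findings.append((rel, "missing"))
        elif not hmac.compare_digest(actual, expected):
            findings.append((rel, "modified"))
    for rel in current:
        if rel not in baseline:
            findings.append((rel, "unexpected"))
    return sorted(findings)


def demo():
    """Baseline, tamper, try to forge the baseline, approve; return each result."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "objects", "security.cfc")
        os.makedirs(os.path.dirname(path))
        with open(path, "wb") as f:
            f.write(SAMPLE_CFC)
        key = b"constructed-key-kept-off-the-web-server"  # constructed for the example

        baseline = build_baseline(root)
        tag = sign_baseline(baseline, key)
        clean = verify(root, load_baseline(baseline, tag, key))

        # Unauthorized change: make authentication always succeed.
        with open(path, "wb") as f:
            f.write(SAMPLE_CFC.replace(b"<cfreturn false>", b"<cfreturn true>"))
        tampered = verify(root, load_baseline(baseline, tag, key))

        # Attacker also rewrites the stored hash but cannot re-sign it.
        forged = dict(baseline, **{"objects/security.cfc": file_digest(path)})
        try:
            load_baseline(forged, tag, key)
            forged_accepted = True
        except ValueError:
            forged_accepted = False

        # Approved update: re-baseline from the reviewed tree and re-sign.
        baseline = build_baseline(root)
        tag = sign_baseline(baseline, key)
        approved = verify(root, load_baseline(baseline, tag, key))

    return {
        "clean": clean,
        "tampered": tampered,
        "forged_baseline_accepted": forged_accepted,
        "after_approved_update": approved,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The verify() pass belongs on a schedule from a separate instance, as Anthony suggests, not in front of every authenticateUser() call. It covers only the file on disk: the instance already created into server.security is not checked, which is the limitation Haikal notes about Tripwire as well.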