Kyle Hamilton wrote:
> If your company hires a security consultant, s/he will state the
> same thing.
>
> -Kyle H
The fundamental problem is this: You have one door. Every customer must walk through it. However, you don't want a customer to run amuck once he gets through the door.

Your solution is to put more and more locks on the door, and give the customer the key to each one. All of these locks only keep people from going through the door. But the very people who you need to let through the door are the same ones you need to keep from running amuck once they get through the door. No amount of additional locks on the door will do this.

You cannot give a person a credential that allows them to do things you must prevent them from doing. You must make it so that their credentials only allow them to do things you would like them to be able to do.

It is unfortunate that you are in the position you are in, as it is a nearly hopeless one. Security cannot be added as an afterthought. It must be designed in from the very beginning. You must construct a threat model, state security requirements, and build into the design a way to meet those requirements and defeat all plausible threat models.

Honestly, the type of schemes you are considering as band-aids are unlikely to slow down a determined attacker very long. I would bet dollars to donuts that the end result will take less than a day to break.

Your scheme requires you to put the credentials where an attacker can get them in unencrypted form. All an attacker need do is terminate your process as soon as it attempts a network connection (or intercept its filesystem calls and snapshot every file before it is deleted or overwritten). Your scheme requires these credentials to be sufficient for someone to do harm.

Bluntly, your scheme is hopeless from a security standpoint.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
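The point DS makes above, that a credential the client must hold can always be extracted and therefore must not be able to do anything its legitimate holder may not do, is easier to see in code than in prose. The following is an added example, not part of the mailing-list post and not OpenSSL code. It models two constructed designs for a toy service: "Design A", where every client ships the same shared key and the server checks only that the key is right (the one door with many locks), and "Design B", where the server issues each customer a MAC-protected token that names exactly which operations that customer may perform on its own resources, and enforces that scope on every request. The service, the key values, the `<owner>/<resource>` target naming and the token format are all assumptions made up for the illustration; the MAC key in Design B is assumed to exist only on the server.

```python
import base64
import binascii
import hashlib
import hmac
import json

# ---------------------------------------------------------------------------
# Design A: the "many locks on one door" scheme.  Every client carries the
# same secret; once past the door a caller may do anything to anything.
# ---------------------------------------------------------------------------
SHARED_API_KEY = b"constructed-shared-secret"  # constructed; ships inside every client


def service_a(api_key: bytes, op: str, target: str) -> str:
    """Checks only who is at the door, never what they may do inside."""
    if not hmac.compare_digest(api_key, SHARED_API_KEY):
        return "denied: bad key"
    return f"ok: {op} {target}"


def attacker_with_design_a() -> str:
    """An attacker who snapshotted the key from a client's files or memory
    has the same power as the client: the server cannot tell them apart."""
    return service_a(SHARED_API_KEY, "delete", "customer-17/records")


# ---------------------------------------------------------------------------
# Design B: the credential itself states what its holder may do.  The MAC key
# exists only on the server, so a client cannot widen its own scope.
# ---------------------------------------------------------------------------
SERVER_KEY = b"constructed-server-only-key"  # constructed; never shipped to clients


def _mac(claims: bytes) -> bytes:
    return hmac.new(SERVER_KEY, claims, hashlib.sha256).digest()


def issue_token(customer: str, allowed_ops: list[str]) -> str:
    """Server-side: bind a customer id and an allow-list of operations into a
    MAC-protected token.  (A constructed format, not a real token standard.)"""
    claims = json.dumps({"sub": customer, "ops": sorted(allowed_ops)},
                        separators=(",", ":")).encode()
    return (base64.urlsafe_b64encode(claims).decode() + "." +
            base64.urlsafe_b64encode(_mac(claims)).decode())


def service_b(token: str, op: str, target: str) -> str:
    """Server-side authorization: verify the MAC, then enforce the scope.
    Targets are named '<owner>/<resource>' in this constructed service."""
    try:
        claims_b64, mac_b64 = token.split(".", 1)
        claims = base64.urlsafe_b64decode(claims_b64)
        mac = base64.urlsafe_b64decode(mac_b64)
    except (ValueError, binascii.Error):
        return "denied: malformed token"
    if not hmac.compare_digest(mac, _mac(claims)):
        return "denied: bad signature"
    parsed = json.loads(claims)
    owner = target.split("/", 1)[0]
    if parsed["sub"] != owner:
        return "denied: not your resource"
    if op not in parsed["ops"]:
        return "denied: op not permitted"
    return f"ok: {op} {target}"


def forge_wider_scope(token: str, extra_op: str) -> str:
    """Attacker edits the claims to add an operation.  Without SERVER_KEY the
    MAC cannot be recomputed, so the old MAC is reused and will not verify."""
    claims_b64, mac_b64 = token.split(".", 1)
    parsed = json.loads(base64.urlsafe_b64decode(claims_b64))
    parsed["ops"] = sorted(set(parsed["ops"]) | {extra_op})
    claims = json.dumps(parsed, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(claims).decode() + "." + mac_b64


def attacker_with_design_b() -> dict:
    """The same attacker steals customer-42's token.  Everything they can now
    do, customer-42 was already allowed to do; nothing more."""
    stolen = issue_token("customer-42", ["read"])
    return {
        "own_read": service_b(stolen, "read", "customer-42/records"),
        "own_delete": service_b(stolen, "delete", "customer-42/records"),
        "other_read": service_b(stolen, "read", "customer-17/records"),
        "forged": service_b(forge_wider_scope(stolen, "delete"),
                            "delete", "customer-42/records"),
    }


if __name__ == "__main__":
    print("Design A, stolen key:", attacker_with_design_a())
    for name, result in attacker_with_design_b().items():
        print(f"Design B, stolen token, {name}: {result}")
```

Design A is the situation DS describes: extracting the key (by killing the process mid-connection, snapshotting its files, or any other means) hands the attacker full control, and adding more locks to the door changes nothing because the same key is still handed to the client. In Design B the stolen token is just as extractable, but the damage it can do is bounded by what the server would have let that customer do anyway, and the server, not the client, is where that decision is made.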