Helping a friend of mine put a project together, and ran into a situation that I think would pose a pretty big security risk, but I'm no expert and wanted to get some ideas from others.
Basically, the part I'm working on is a telnet server of sorts. One of the things that it's able to do is interact with the SMF databases. It uses the SMF user database for login information, and can read/write messages via telnet. (To select users, not for everyone, they have to be flagged first.) It doesn't create users; they would need to be created by SMF itself first.
Anyway, the server is a "spare machine in the basement" type of setup. Bandwidth is an issue though. He also has an actual hosting account that provides the usual stuff (PHP, MySQL etc etc).
The host provider has remote MySQL database connections disabled for security reasons; it can only be accessed by PHP code on the host itself. What he was wanting to do was host the website stuff (including SMF) on the paid host's server, but use a MySQL server on the local machine so the telnet server program I'm working on can access it. The local machine handles telnet and MySQL, the host handles the web stuff/email/downloads/etc. The local host is running Ubuntu Linux Server, the host is Linux but not sure what flavor.
Obviously I'm pretty concerned about the security of that setup. I know I can restrict what IPs can connect to the MySQL server, but that can be beaten with an IP spoof I would think. The local machine has an SSH server running but it's unable to be hit from outside the local network. The only ports being forwarded are 3309 for MySQL and a port number I picked out of the air for the telnet server.
Just how secure would this type of setup be? Would I be better off just hosting SMF/etc on the local machine as well, keeping downloadable and other large stuff on the hosting server? I can edit the DNS records for the servers; I was thinking www.whatever.com could point to the local machine, and (for example) storage.whatever.com would point to the paid host for the storage stuff that I don't want eating bandwidth. (Downloads and the like)
Could use some input on this -- thanks
I wouldn't use telnet for one. The protocol is plain-text and when doing security-sensitive stuff, not something you want. You should look at using SSH for the communication back and forth.
It is true that allowing remote MySQL connections is a security issue, and IP spoofing can work to a degree (mostly for one-hit attacks, the server can't respond back). The bigger concern is the bandwidth you'll be using. The communications with MySQL are not the lightest thing, especially for busy sites, and you don't want to push that onto a WAN connection. Also, MySQL communications aren't secured by default, so you can get someone listening on the traffic or even modifying what is being sent.
Personally, I'd look at what you are trying to do and figure out a better architecture. You could also look at a dedicated server where you have more control over what you are doing.
You still need a good amount of bandwidth for the mysql connections. Not to mention that the forum will be slower due to the queries transmitting over the internet.
Just build a PHP wrapper for both ends. Your PHP script will validate you and then allow you to execute SQL statements.
Quote from: Motoko-chan - February 12, 2008, 03:52:58 PM
I wouldn't use telnet for one. The protocol is plain-text and when doing security-sensitive stuff, not something you want. You should look at using SSH for the communication back and forth.
Blah I meant SSH. Saying telnet is just force of habit from an old lady who grew up on telnet back in the day. But thanks for pointing that out as it's a good concern.
Quote from: rsw686 - February 12, 2008, 03:57:53 PM
Just build a PHP wrapper for both ends. Your PHP script will validate you and then allow you to execute SQL statements.
I think I'm understanding what you're saying here. The local side code is a custom server written in C++, the hosted stuff is PHP obviously. Basically what you're suggesting is keeping everything on the hosted server. Then, using some custom PHP code, I have my local stuff call that PHP script, pass some parameters, and it'll pass back what I'm needing? (IE, one script for logging in can send the username/password combo to the web server, which will return a pass/fail, or another script to retrieve messages, etc, basically kinda sorta extending the SSI code?)
Quote from: Jen Smith - February 13, 2008, 12:14:49 AM
I think I'm understanding what you're saying here. The local side code is a custom server written in C++, the hosted stuff is PHP obviously. Basically what you're suggesting is keeping everything on the hosted server.
Yep keep it all on the hosted server.
Quote from: Jen Smith - February 13, 2008, 12:14:49 AM
Then, using some custom PHP code, I have my local stuff call that PHP script, pass some parameters, and it'll pass back what I'm needing?
Exactly. I would probably go with XML formatted responses. You would only need one PHP script and based on the XML tags the script would know what function to send it to. After it executed the command it would send an XML response back to your C++ program with the results.
For example you could send
<login>
<username>john</username>
<password>pass</password>
</login>
and get back
<login>
<result>success</result>
</login>
Or send
<query>
<sql>SELECT ID_MEMBER, memberName FROM smf_members</sql>
</query>
and get back
<query>
<result>
<row>
<ID_MEMBER>101</ID_MEMBER>
<memberName>John</memberName>
</row>
<row>
<ID_MEMBER>102</ID_MEMBER>
<memberName>Bob</memberName>
</row>
</result>
</query>
You probably would want to use some form of encryption. Since this is a fixed setup it would be easy to define the keys.
Here's a reference for the PHP XML parser. http://us2.php.net/xml
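The one-script wrapper described in the post above, narrowed so that it runs only named operations instead of a raw <sql> string, as an added example that is not part of the original posts. The pre-shared HMAC key, the member_lookup operation and the in-memory SQLite stand-in are assumptions; signing authenticates a request but does not encrypt it.

```php
<?php
// Added example, not code from the thread. SHARED_KEY and the member_lookup
// operation are assumptions; table and column names are the ones quoted above.
const SHARED_KEY = 'replace-with-a-long-random-secret'; // placeholder

// Allow-list: request root tag => [fixed SQL, child tags bound to its placeholders]
const OPERATIONS = [
    'member_lookup' => [
        'SELECT ID_MEMBER, memberName FROM smf_members WHERE memberName = ?',
        ['username'],
    ],
];

function handle_request(string $body, string $sig, PDO $db): string
{
    // Authenticate first: HMAC-SHA256 over the raw body, compared in constant time.
    if (!hash_equals(hash_hmac('sha256', $body, SHARED_KEY), $sig)) {
        return '<error>bad signature</error>';
    }
    libxml_use_internal_errors(true); // malformed XML yields false, not warnings
    $xml = simplexml_load_string($body, 'SimpleXMLElement', LIBXML_NONET);
    $op = ($xml === false) ? '' : $xml->getName();
    if (!array_key_exists($op, OPERATIONS)) {
        return '<error>unknown request</error>'; // covers any <query><sql> request
    }
    [$sql, $fields] = OPERATIONS[$op];
    $args = [];
    foreach ($fields as $f) {
        $args[] = (string) $xml->$f; // values are bound, never spliced into SQL
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($args);
    $rows = '';
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $rows .= '<row>';
        foreach ($row as $col => $val) { // column names come from the fixed SQL
            $rows .= "<$col>" . htmlspecialchars((string) $val, ENT_XML1 | ENT_QUOTES) . "</$col>";
        }
        $rows .= '</row>';
    }
    return "<$op><result>$rows</result></$op>";
}

// Constructed demo: in-memory SQLite stands in for the hosted MySQL database.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE smf_members (ID_MEMBER INTEGER, memberName TEXT)');
$db->exec("INSERT INTO smf_members VALUES (101, 'John'), (102, 'Bob')");
foreach (['<member_lookup><username>John</username></member_lookup>',
          '<query><sql>SELECT 1</sql></query>'] as $req) {
    echo handle_request($req, hash_hmac('sha256', $req, SHARED_KEY), $db), "\n";
}
```

Both demo requests carry a valid signature; the second is still refused because its root tag is not in the allow-list.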
Interesting idea. Would certainly cut down on inter-server bandwidth I would think, and the SQL server won't be exposed to the Internet begging for a hacker to fool with it. There'll still have to be a local SQL server running (this server app does more than work with SMF) but that won't be a big deal. It can query SMF via your idea for the user data, then once it has a user number it can work with the local data for the other stuff.
Thanks for the tips.