|
Posted by Dan Cooperstock on February 27, 2007, 10:34 am
If you were Registered and logged in, you could reply and use other advanced thread options
I'm writing an open source application that uses the Firebird embedded
database. Firebird doesn't have database encryption, and embedded Firebird
doesn't have real password security for the database. So, right away, I
understand that the database itself is not secure - if someone can take it
away from the computer, they can use it on their own install of Firebird.
Fortunately, this is not an app that needs huge security. It is for
tracking donors and donations to charities, and because it just tracks
them, there is no entry of really sensitive info like credit card numbers.
Just personal info like names, addresses, and donation amounts.
The current (non-open source) version allows for a program entry password,
although I think a majority of my users don't even use that. The problem
is, obviously, that given that the program is open source, it could clearly
easily be hacked to let you in without that password. Not that more than
about 1% or so of my users have access within their organization to someone
who could do so! The users (over 4,000 so far) are generally smallish
charities and churches, and they don't seem to have huge concerns about
security.
What really concerns me is what to do about lost passwords. Currently, if a
user writes to me and says they lost their password, I have a way to
generate a temporary back-door password that will let them into the program
and let them change their password. I think this is necessary, because it's
not acceptable to just say "too bad, you lost your data". I don't do any
special due diligence about it being the correct user, and nobody so far
has seemed to have any problem with that.
Does anyone have any advice about this last point about lost passwords? How
should that be handled in an open source environment? It's possible that in
the future the program could have a life of its own, with me not involved,
though I have no such intention at present. There might be no one clear
person to contact for help on lost passwords, and unless I also publish my
temporary password generating program, there will be no way to solve the
problem. But I feel that if I do publish the temp password generator, I'm
completely giving away the store.
I'm also interested in advice about any other aspects of this, though not
from security zealots, because I know I'm not going to take your advice.
For instance, there a number of good reasons that I picked Firebird, and I
don't intend to change that. My users are not especially concerned about
security, in my experience.
Thanks in advance for any thoughts.
If anyone wants more info on my program, it's at
www.freedonationsoftware.org.
|
|
Posted by Volker Birk on February 28, 2007, 7:37 am
If you were Registered and logged in, you could reply and use other advanced thread options
> I'm writing an open source application that uses the Firebird embedded
> database. Firebird doesn't have database encryption, and embedded Firebird
> doesn't have real password security for the database. So, right away, I
> understand that the database itself is not secure
Secure against what threats?
Yours,
VB.
--
"Pornography is an abstract phenomenon. It cannot exist without a medium
to propagate it, and it has very little (if anything at all) to do with sex."
Tina Lorenz
<https://events.congress.ccc.de/congress/2006/Fahrplan/events/1422.en.html>
|
|
Posted by Dan Cooperstock on February 28, 2007, 9:06 am
If you were Registered and logged in, you could reply and use other advanced thread options
>> I'm writing an open source application that uses the Firebird
>> embedded database. Firebird doesn't have database encryption, and
>> embedded Firebird doesn't have real password security for the
>> database. So, right away, I understand that the database itself is
>> not secure
>
> Secure against what threats?
>
> Yours,
> VB.
That's a very good question, Volker. I think realistically all I can hope is
that it protects
against unauthorized people who happen to have physical access to the computer
on which
my program has been installed getting into my program. Not people who are
determined to
get in, and have serious technical expertise, but just casually interested
people, probably
other staff or volunteers for the charity using my program.
- Dan.
|
|
Posted by Volker Birk on March 1, 2007, 4:14 am
If you were Registered and logged in, you could reply and use other advanced thread options > That's a very good question, Volker. I think realistically all I can hope is
that it protects
> against unauthorized people who happen to have physical access to the computer
on which
> my program has been installed getting into my program. Not people who are
determined to
> get in, and have serious technical expertise, but just casually interested
people, probably
> other staff or volunteers for the charity using my program.
I fear, that this will not work. One person will find out how to ignore
your security-by-obscurity concept, the others just will copy.
Yours,
VB.
--
"Pornography is an abstract phenomenon. It cannot exist without a medium
to propagate it, and it has very little (if anything at all) to do with sex."
Tina Lorenz
<https://events.congress.ccc.de/congress/2006/Fahrplan/events/1422.en.html>
|
|
Posted by Rob on February 28, 2007, 10:01 am
If you were Registered and logged in, you could reply and use other advanced thread options
> Fortunately, this is not an app that needs huge security. It is for
> tracking donors and donations to charities, and because it just tracks
> them, there is no entry of really sensitive info like credit card numbers.
> Just personal info like names, addresses, and donation amounts.
>
I would first suggest that you reevaluate your definition of sensative
information. You might find that your doners do not agree with your
assessment.
|
| Similar Threads | Posted | | Re: Open-source bug hunt results posted | March 11, 2006, 4:23 pm |
| Open source implementation of the SEED algorithm? | February 24, 2007, 12:27 am |
| Open source two-factor authentication system released | September 1, 2005, 9:23 am |
| Software writers spot open source in Sony BMG CDs | November 20, 2005, 4:00 pm |
| USENIX Security '08 Registration Now Open | April 23, 2008, 7:02 pm |
| Planning a Career in Corporate Security? Open CSO Project | August 18, 2004, 7:01 am |
| 16th USENIX Security Symposium Registration Now Open | June 1, 2007, 5:11 pm |
| 16th USENIX Security Symposium Registration Now Open | July 2, 2007, 12:28 pm |
| Toshiba security advice: Intel AMTrisk | November 13, 2008, 10:57 am |
| RSA Security Conference 2005 - Computer Forensics Expert Advice Sought | February 16, 2005, 12:15 am |
|
XML site map