tags:

views:

175

answers:

2
+2  Q: 

How to deal with user authentication and wrongful modification in scripting languages?

I'm building a centralized desktop application using Python/wxPython. One of the requirements is User authentication, which I'm trying to implement using LDAP (although this is not mandatory).

Users of the system will be mechanical and electrical engineers making budgets, and the biggest problem would be industrial espionage. Its a common problem that leaks occur commonly from the bottom on informal ways, and this could pose problems. The system is set up in such a way that every user has access to all and only the information it needs, so that no one person but the people on top has monetary information on the whole project.

The problem is that, for every way I can think to implement the authentication system, Python's openness makes me think of at least one way of bypassing/getting sensible information from the system, because "compiling" with py2exe is the closest I can get to obfuscation of the code on Windows.

I'm not really trying to hide the code, but rather make the authentication routine secure by itself, make it in such a way that access to the code doesn't mean capability to access the application. One thing I wanted to add, was some sort of code signing to the access routine, so the user can be sure that he is not running a modified client app.

One of the ways I've thought to avoid this is making a C module for the authentication, but I would rather not have to do that.

Of course this question is changing now and is not just "Could anyone point me in the right direction as to how to build a secure authentication system running on Python? Does something like this already exist?", but "How do you harden an scripting (Python) against wrongful modification?"

+1  A: 

Possibly:

  1. The user enters their credentials into the desktop client.
  2. The client says to the server: "Hi, my name username and my password is password".
  3. The server checks these.
  4. The server says to the client: "Hi, username. Here is your secret token: ..."
  5. Subsequently the client uses the secret token together with the username to "sign" communications with the server.
John Fouhy  2009-09-02 00:53:33
The problem with this approach, is that I'm fearful of an attacker modifying some validation elements. Maybe I could simply validate serverside the credentials on every database request (something that is already on the design). Even as I agree with most of your recommendations, I'm really trying to see if someone comes up with ways to break this scheme. *I'm not fearful of the failures I can foresee, but rather of those that I can not*.
voyager  2009-09-02 13:21:39
+3  A: 

How malicious are your users? Really.

Exactly how malicious?

If your users are evil sociopaths and can't be trusted with a desktop solution, then don't build a desktop solution. Build a web site.

If your users are ordinary users, they'll screw the environment up by installing viruses, malware and keyloggers from porn sites before they try to (a) learn Python (b) learn how your security works and (c) make a sincere effort at breaking it.

If you actually have desktop security issues (i.e., public safety, military, etc.) then rethink using the desktop.

Otherwise, relax, do the right thing, and don't worry about "scripting".

C++ programs are easier to hack because people are lazy and permit SQL injection.

S.Lott  2009-09-02 01:07:36
I've come to **not** trust user input, or trust it as little as possible, but of course is one thing to not trust your users *input* and another completely different to not trust your **users**. My users will be both electrical and mechanical engineers (on an enterprise network), so they will definetly have the smarts to grasp Python (some scripting features are planned). Actually my biggest problem would be industrial espionage. May be I'm overthinking this, and trying to <analogy type='bad'>nail this down with programming, when what is needed is an organizational screwdriver.</analogy>
voyager  2009-09-02 13:04:18

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security