Brad Chapman wrote: > > Okay, so we should stick our temp directory in a > protected/non-accessable location. I think this should be defined in > the config file. I think the article is saying the user should have a $TMP_DIR environment variable set that gives the location of a temp directory ACCESSIBLE ONLY TO THE ONE USER. But I can't find a $TMP_DIR variable on my system. We could have the user define one in their .*shrc file. But heck, why not have... $USER_HOME/loci/temp/ ??? That would limit temp directory access to the user alone. The problem is crackers/script-kiddies often place evil things in temp directories that can compromise system security. This has actually been the cause of many security changes in big apps like apache and sendmail. > Okay, this is something I'm definately not doing. The temp files > describing a front end are very structured (purposely, to make it > easier to read and debug and to make the represenation of the > workspace make sense). I don't think it would be that hard to start > making them random names, we could just define a dictionary that maps > random numbers to actual names: > > save_file[234A58B67] = 'workspace1/workspace2/viewer3.xml' > > or something like this. But I don't really understand the security > argument here. Why should it matter to have random versus ordered > names? I think what happens is a script-kiddie catches on to the fact that an application _always_ places a file with a set name in /tmp. For example, if an application has a file named... /tmp/temporary.file a kiddie can put a symlink in its place... /tmp/temporary.file@ that will cause the application to save things to places even less secure. A randomly named temp file would prevent this. (But, I'm not a security guru.) > > Also make sure that the file doesn't exist before creating it, > > Right now the way it creates directories and files, files will never > be written over the top of each other. I think this is for the exact same reason as above. The program should check for the existence of a symlink where a file is to be written. > Do you think this article implies I should change things about the > current storage to make it safer, or am I doing things right? I'm not > positive about the random file stuff. Well, I believe all the points the article makes are good. But we can worry about this stuff as Loci gets bigger and more widely used. Cheers. Jeff -- +----------------------------------+ | J.W. Bizzaro | | | | http://bioinformatics.org/~jeff/ | | | | BIOINFORMATICS.ORG | | The Open Lab | | | | http://bioinformatics.org/ | +----------------------------------+