how to secure a directory ?

how to secure a directory ?

Post by Kari » Wed, 10 Jul 2002 04:29:40



Hello !

I have a server which sends data to a client using openssl. Those datas are
written in a directory toto which is in /tmp. Is it possible to secure the
directory toto by using encoding ?

Thanks a lot for your answers

Karim.

 
 
 

how to secure a directory ?

Post by Mark Ra » Wed, 10 Jul 2002 06:40:02



>I have a server which sends data to a client using openssl.

Any particular protocol over openssl, or just a generic data stream?
Not that it matters, probably.

Quote:>Those datas are written in a directory toto which is in /tmp. Is it
>possible to secure the directory toto by using encoding ?

Perhaps.  We really need more information to answer the question.  From
whom do you wish to secure the data?  By whom should the data be
retrievable?  What kind of attacks do you want to secure against?

Generally, Unix permissions are sufficient here, no encryption needed.
Just make sure you're securely creating the directory and files, and no
other users will be able to read them.  

If you're trying to secure the system without trusting filesystem
permissions, you're probably in trouble.  If this is purely a relay,
then sure - the data can be encrypted (gpg is probably easiest) before
sending to this machine, and decrypted only after it leaves the machine.
This simplifies things a lot, as you don't need to use ssl at all, any
transport will do.

If it's NOT purely a relay, and this machine needs to actually do
something with the data, then you must invest in some level of trust in the
security of the system.  A malicious root user can read the files, can
read encryption keys from memory, can mess with the data streams, and
make dozens of other very-hard-to-prevent attacks.

You do get some extra security by encrypting files in addition to
setting proper permissions, but it may not be worth the somewhat large
amount of extra effort.
--


 
 
 

1. Secure Secure Secure

O.k...
So...
Rookie question here...
We are running Red Hat Linux and have setup our DNS box and Web Servers,

All is well.
Now.....We want to be able to run Secure web sites on this system and do
not have the slightest clue as to how to do it.
I have been told I have to find some "hard to get version of Apache"
that supports 128 bit encryption...
Basically...
what do I need to do to be able to host secure web sites.
Buy a site certificate?........Where?
What software do we need.?
Can we do this just using cgi scripts?
Any suggestions ????

Please....if you are able to clarify this whole secure site thing...drop
me an e mail at

I will really appreciate it.....

thanks in advance..

Brian

2. I hate the direction of GNU/LINUX.

3. Apache 1.3.3 w/ssl user directory problems in SECURE RH5.2

4. Linux Deployment Tools

5. Apache & Secure Directories

6. Kernel Compile Problem

7. FTP Server Secured logins and home directory

8. emacs says: Error in init file

9. how to setup a secure "incoming" ftp directory?

10. Setting secure directory ownership

11. /lib/secure/64: No such file or directory

12. Securing web site directories using Apache Server

13. Securing Directory in Apache