Pages:
Author

Topic: Best Security Practicies for a Novice: mySQL/Bitcoin Client - page 2. (Read 1657 times)

legendary
Activity: 1372
Merit: 1008
1davout
Wrong - you may not have even heard of a thing called a "transient" being a Rails user (so don't make corrections about stuff that you don't understand).
What about transient objects ? (that exist in Rails, and in any framework that uses an ORM for the matter).
What makes you think I don't know anything else than Rails ?

And - yes good luck in finding the keys in my compiled code (which only *part* is - something script kiddies just can't do now is it).
Assuming OP is using a compiled language.

Assuming it's not trivial to decompile any kind of language to extract constants or do a memory dump for anyone who has the slightest clue about what they are doing.

Your security protects you against script-kiddies? Great! Now let's go back to real security that works with everyone.

Making it slightly harder to get the keys doesn't make a flawed security model less flawed.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
That doesn't make sense at all, if you need to query on a column chances are the application needs to be able to decrypt it at will for display or other purposes, meaning you'd have to have the keys on the server which defeats the whole thing.

Wrong - you may not have even heard of a thing called a "transient" being a Rails user (so don't make corrections about stuff that you don't understand).

And - yes good luck in finding the keys in my compiled code (which only *part* is - something script kiddies just can't do now is it).
legendary
Activity: 1372
Merit: 1008
1davout
So I'm working on a project that will hold bitcoins and of course, security is the most obvious risk/danger.

On advice of the developer we have a specially compiled version of bitcoind (unnecessary RPC calls have been removed, as well as calls that pose a security risk).
That's actually terrible advice, that means you need to maintain your separate fork of bitcoin which will make it much less straightforward to apply patches and security fixes as they come. Choose a strong password for the RPC calls, listen only on the local interface and add some iptables rules on top of it just to be sure. MUCH more secure. If you keep the "send" calls disabling other calls is pointless. If you don't keep them you might as well run a wallet such as armory.

Bitcoind runs under a separate user than the php script. SSH/ftp into the server is only possible with keyfiles.
If you have proper passphrases on the private keys it is a good idea.

All mysql calls are escaped so injection should (hopefully) be covered.
Don't reinvent the wheel, use a framework or a lib that does that for you.

A cold wallet is being implemented so the majority of funds are off-site.
Good.

I toyed with the idea of every database entry having a hash generated from all the data and the hash being periodically verified against the database to check for manipulation. But is this realistic?
No, because if someone can mess with the DB they can mess with the hash.
If you really want to go down that road keep backups and run periodic data comparisons to see if historical data has been altered.

Sensitive information, like email is encrypted and salted. The admin tools are locked to IP addresses as well, although their powers are limited in scope. Users can choose to use Google Authenticator as well.
Encryption is absolutely pointless if you keep the decryption keys on the server.

Agreed that if you are storing information that is sensitive (such as email addresses or other more personal information) then it should be encrypted.

If you need to *index* any such columns then this will make things trickier (although you could create another column for indexing purposes that contains the first x characters provided that isn't going to be a problem application-wise).
That doesn't make sense at all, if you need to query on a column chances are the application needs to be able to decrypt it at will for display or other purposes, meaning you'd have to have the keys on the server which defeats the whole thing.
legendary
Activity: 1792
Merit: 1008
/dev/null
Sensitive information, like email is encrypted and salted. The admin tools are locked to IP addresses as well, although their powers are limited in scope. Users can choose to use Google Authenticator as well.

Anything else? I'm sure there must be lots of things I'm overlooking!
encrypted + salted = ?
need more input Wink

just a basic rule: dont use fancy librarys, or libs who have/had alot of vulnerabilitys
legendary
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
Sensitive information, like email is encrypted and salted. The admin tools are locked to IP addresses as well, although their powers are limited in scope. Users can choose to use Google Authenticator as well.

Anything else? I'm sure there must be lots of things I'm overlooking!
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
Agreed that if you are storing information that is sensitive (such as email addresses or other more personal information) then it should be encrypted.

If you need to *index* any such columns then this will make things trickier (although you could create another column for indexing purposes that contains the first x characters provided that isn't going to be a problem application-wise).
full member
Activity: 196
Merit: 100
With the admin tool you can make any changes you want to the database and it cannot be detected, also corruption
better to encrypt certain fields in the database
legendary
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
So I'm working on a project that will hold bitcoins and of course, security is the most obvious risk/danger.

On advice of the developer we have a specially compiled version of bitcoind (unnecessary RPC calls have been removed, as well as calls that pose a security risk).

Bitcoind runs under a separate user than the php script. SSH/ftp into the server is only possible with keyfiles.

All mysql calls are escaped so injection should (hopefully) be covered.

A cold wallet is being implemented so the majority of funds are off-site.

What other steps should I be keeping in mind? After some advice from a friend I'm worried as well about somehow the database being compromised in some slight way as to affect imperceptible shifts in balances that I would be unable to detect.

I toyed with the idea of every database entry having a hash generated from all the data and the hash being periodically verified against the database to check for manipulation. But is this realistic?

Anyone have any more ideas? Thank you
Pages:
Jump to: