Posts: 101
Name: Hanmore Jemimah the Fourth
Location: the front line
|
I've never understood how hackers breach scripts with buffer overflows, but I understand THAT they do it and then use the control gained over the root user to send any command they want and thus create scripts on the server, in perl (as their language of choice) and then run those scripts.
Finally I have devised a secondary way of warding that off. (The primary ways involve blocking ips, rearranging access hierarchies, permitting certain kind of access only from specific machines, etc).
Ordinary wrappers are used in servers, particularly around perl, but I'm sure you must surely be able to put them round php as well. Eg for logging actions. But if you made a wrapper which tested the data in case it was something that would cause an overload, the wrapper would get overloaded, so it's not any kind of safety. My idea was to make a wrapper which conducts encryption and decryption according to what it's told to do, which allows only authorized input from either side of the line to be transferred, so a logged-in user would be able to run scripts because they would be sending the authorization keys to the wrapper, and invaders would have to login and get accounts, making them very vulnerable, and also by strong design you could simply prevent them being able to send any data other than what we allow them to send... in many cases, perhaps all, even if they WERE logged in. Ie they are forced to use only a rigid i/o system completely controlled at my end, so no devious injections and overflows possible.
Is a linux/perl expert available to tell me what they know of wrappers? I tried to set one up in the past for something but had trouble and didn't want to risk anything but I'm gonna try again some time, so I can begin sticking this security on all perl and php that runs out of my server.
|
