[wpkg-users] security issues
Tomasz Chmielewski
mangoo at wpkg.org
Tue Jun 5 10:33:35 CEST 2007
Marco Gaiarin wrote:
(...)
> 1) [simple, dumb] Client and server agree on a 'server signature', and
> client accepts package only on match
> This is not optimal, because if someone gets a client, hacks it and gets
> the key, we are vastly compromised because someone can build another
> server that acts as the original one.
>
> 1b) if you use WPKGInstaller you can access the WPKG server (share)
> with a user and password, rather similar to 1)
>
> 2) [rather simple, less dumb] Client and server agree on a 'client
> signature', client accepts package only on match
> As 1), but with a different signature per client. If a client is
> compromised, nothing worse can happen.
> On the cons, we have to manage signatures of clients server-side, and
> in a secure manner.
> Can be seen also as 'like 1b) but with a different password per client'.
>
> 3) [complex, strong] use a PKI infrastructure where all communications
> (clearly, useful ones) are 'signed' with public keys.

Before we start we have to assume one thing: the whole "security" can't
be handled by wpkg.js itself; it has to be made by the WPKG
Client/Installer.

Also, before we start to re-invent the wheel - how does the Windows
domain client make sure that it's really the original domain server it's
connecting to?

A workstation in a domain has a domain account/password, but I'm not
sure how it prevents connecting to a false domain server (which
just accepts each and every machine account/password).

On the other hand, probably there are some people using WPKG without a
domain; just in a workgroup, and it would be harder for them to add such
a security feature.

--
Tomasz Chmielewski
http://wpkg.org
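
Options 1) and 2) from the quoted proposal side by side, as an added example that is not part of the original message and is not WPKG code. It assumes the 'signature' is an HMAC-SHA256 tag and that per-client keys are derived from a master secret kept only on the server; all names and sample values are hypothetical and constructed.

```python
import hashlib
import hmac


def derive_client_key(master_secret: bytes, client_id: str) -> bytes:
    """Option 2: one key per client, derived from a server-only master secret (assumption)."""
    label = b"wpkg-client-key:" + client_id.encode()
    return hmac.new(master_secret, label, hashlib.sha256).digest()


def sign_package(key: bytes, client_id: str, package: bytes) -> str:
    """Tag over the client id and the package hash, so a tag is bound to one client."""
    msg = client_id.encode() + b"\x00" + hashlib.sha256(package).digest()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def client_accepts(key: bytes, client_id: str, package: bytes, tag: str) -> bool:
    """Client-side check: accept the package only on match (constant-time compare)."""
    return hmac.compare_digest(sign_package(key, client_id, package), tag)


def demo() -> dict:
    master = b"constructed-master-secret"   # constructed; never leaves the server
    shared = b"constructed-shared-key"      # constructed; option 1, same key on every client
    good = b'<package id="editor" revision="1"/>'   # constructed sample package
    rogue = b'<package id="rogue" revision="1"/>'   # constructed, served by a false server
    key_a = derive_client_key(master, "pc-a")       # assume this key was extracted from pc-a
    key_b = derive_client_key(master, "pc-b")
    return {
        # Normal operation: pc-b verifies a tag made with its own key.
        "legit": client_accepts(key_b, "pc-b", good, sign_package(key_b, "pc-b", good)),
        # Option 1: the key taken from one client verifies on every other client.
        "shared_key_forgery": client_accepts(
            shared, "pc-b", rogue, sign_package(shared, "pc-b", rogue)),
        # Option 2: the key taken from pc-a does not verify on pc-b.
        "per_client_forgery": client_accepts(
            key_b, "pc-b", rogue, sign_package(key_a, "pc-b", rogue)),
        # A valid tag does not carry over to different package content.
        "swapped_content": client_accepts(
            key_b, "pc-b", rogue, sign_package(key_b, "pc-b", good)),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

With symmetric keys the compromised client can still be fed forged packages itself, and the server-side master secret becomes the thing to protect, which is the management cost named under option 2.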