Play Now Login Create Account
illyriad
  New Posts New Posts RSS Feed - Design Discussion (offtopic from Fav Petitions)
  FAQ FAQ  Forum Search   Register Register  Login Login

Topic ClosedDesign Discussion (offtopic from Fav Petitions)

 Post Reply Post Reply Page  <123>
Author
GM ThunderCat View Drop Down
Moderator Group
Moderator Group
Avatar
GM

Joined: 11 Dec 2009
Location: Everywhere
Status: Offline
Points: 2150
Direct Link To This Post Posted: 24 Mar 2010 at 18:30
Originally posted by HonoredMule HonoredMule wrote:

I'm pretty keen on prepared statements myself.  I'm of a mind that if the front-end team can't be trusted to systematically handle SQL safely, they're probably going to create even bigger security holes via arbitrary code execution, which can include SQL anyway--and the restrictions just increase the back-and-forth/red tape, slowing development.  But if I were working with a larger team on larger deployments (i.e. the front and back end teams are actually separate entities as opposed to the same person or team of 3 people), I'd disable non-stored-procedure queries on the back end too.
Heh, not worried about the front-end teams code; just like to be in the stituation where if the web servers security is breached you still can't affect much Big smile

Obviously, it depends on the situation. If its an internal or closed user group business app then direct SQL isn't such a problem.
Back to Top
GM Stormcrow View Drop Down
Moderator Group
Moderator Group
Avatar
GM

Joined: 23 Feb 2010
Location: Illyria
Status: Offline
Points: 3626
Direct Link To This Post Posted: 24 Mar 2010 at 18:33
Originally posted by HonoredMule HonoredMule wrote:

I'm of a mind that if the front-end team can't be trusted to systematically handle SQL safely under any circumstances whatsoever, and they're probably definitely, regardless of their best intentions going to create even bigger security holes via arbitrary code execution, which can include SQL anyway....


Fixed it for you, HM Wink
Back to Top
HonoredMule View Drop Down
Postmaster General
Postmaster General
Avatar

Joined: 05 Mar 2010
Location: Canada
Status: Offline
Points: 1650
Direct Link To This Post Posted: 24 Mar 2010 at 18:44
lol.

I admire your fatalistic optimism.
Back to Top
GM Stormcrow View Drop Down
Moderator Group
Moderator Group
Avatar
GM

Joined: 23 Feb 2010
Location: Illyria
Status: Offline
Points: 3626
Direct Link To This Post Posted: 24 Mar 2010 at 18:47
Originally posted by GM ThunderClap GM ThunderClap wrote:


I may slip some .NET into the db when SC's not looking (Shhh...); but mainly just for things SQLServer is bad at: email, raw file i/o etc - naturally kicked off into an asynchronous thread to keep up the linear execution speed of the procs. But we don't talk about that Wink


A witch! Burn him!
Back to Top
fluffy View Drop Down
Forum Warrior
Forum Warrior
Avatar

Joined: 02 Mar 2010
Status: Offline
Points: 335
Direct Link To This Post Posted: 24 Mar 2010 at 18:50
Originally posted by GM Stormcrow GM Stormcrow wrote:

Originally posted by GM ThunderClap GM ThunderClap wrote:


I may slip some .NET into the db when SC's not looking (Shhh...); but mainly just for things SQLServer is bad at: email, raw file i/o etc - naturally kicked off into an asynchronous thread to keep up the linear execution speed of the procs. But we don't talk about that Wink


A witch! Burn him!


You don't look like a newt Confused
Back to Top
HonoredMule View Drop Down
Postmaster General
Postmaster General
Avatar

Joined: 05 Mar 2010
Location: Canada
Status: Offline
Points: 1650
Direct Link To This Post Posted: 24 Mar 2010 at 18:52
Question:  In more general situations (the game's event queue being a unique circumstance), if a webserver is compromised, doesn't the attacker pretty much have run of the palace just using any of the methods needed to accomplish actual functionality anyway?  Normally, a web-based app is designed to manage an information system, making it the already critical point of failure, security wise.

Coming from my background, possibility of a compromized db was a serious concern not because of elevated access to the app's database, but because of access to other databases of other applications (otherwise protected by the requirement of different access credentials), including such things as customer information and credit card numbers (even CVV numbers for some naughty apps...ouch).

Such compromise was not in any way possible under any circumstance by through a hacked app, regardless of how the DB was accessed.
Back to Top
rescendent View Drop Down
Greenhorn
Greenhorn
Avatar

Joined: 05 Mar 2010
Status: Offline
Points: 60
Direct Link To This Post Posted: 24 Mar 2010 at 19:03
Originally posted by GM Stormcrow GM Stormcrow wrote:

Originally posted by GM ThunderClap GM ThunderClap wrote:


I may slip some .NET into the db when SC's not looking (Shhh...); but mainly just for things SQLServer is bad at: email, raw file i/o etc - naturally kicked off into an asynchronous thread to keep up the linear execution speed of the procs. But we don't talk about that Wink


A witch! Burn him!
Sounds like a strong kind of magic!
Back to Top
GM ThunderCat View Drop Down
Moderator Group
Moderator Group
Avatar
GM

Joined: 11 Dec 2009
Location: Everywhere
Status: Offline
Points: 2150
Direct Link To This Post Posted: 24 Mar 2010 at 19:03
Originally posted by HonoredMule HonoredMule wrote:

Question:  In more general situations (the game's event queue being a unique circumstance), if a webserver is compromised, doesn't the attacker pretty much have run of the palace just using any of the methods needed to accomplish actual functionality anyway?  Normally, a web-based app is designed to manage an information system, making it the already critical point of failure, security wise.
Not really; they can only do what a player could do via the web site and there are checks internal to the stored proc which ensure you can only do them if you have the right resources, tech etc.

If you were use direct sql the web site access to the database would give it the ability to do updates etc on the tables - in which case you do a whole host of things you shouldn't be able to do.
Back to Top
HonoredMule View Drop Down
Postmaster General
Postmaster General
Avatar

Joined: 05 Mar 2010
Location: Canada
Status: Offline
Points: 1650
Direct Link To This Post Posted: 25 Mar 2010 at 00:24
Right.  What I'm meaning to say is that you have far more capacity to control what can be done by an authorized entity (i.e. the webserver) than you would more typically.  There's clearly a lot that is done to carry out game progress and comparatively very little the website needs to be allowed to do.  CRM software, for example must be able to access and arbitrarily modify so much sensitive information, and do so much with it interactively (such as charging credit cards or reversing charges) that compromising the CRM itself is about as serious a security leak as one can have, regardless of how tightly DB access from the webserver is controlled.

Of course that's where good software should ideally be splitting the front end into an actual front end and a middle tier for business logic and some more dynamic/heuristic security checks.  At least then you can, for example, keep full credit card numbers away from the web server, though it must still be allowed to do things with the credit card numbers it can't see.

In practice, I've never actually seen a proper 3-tier web-based project.  To be honest, the stuff I've seen in the wild kind of scares me.  But like I mentioned earlier, the clientele for which I was indirectly working was a bit seedy, and a hard sell for security improvements that require a rewrite for existing architecture that just plain sucks.  One already takes his chances, I guess, when dealing with telemarketers or borderline-fraudulent web services (like sites selling access to casting calls that were just scraped from other sites like craigslist).  Just don't be surprised if having a hard time canceling your account isn't your only grief.

I'd love to find a similar shop but working on more respectable projects.  My coworkers and boss were awesome, but their business associations less so.

I absolutely love the hat, by the way.  It's impossible to find a decent bowler hat around here that fits my narrow head.  So I wear a soft fedora instead. Cry


Edited by HonoredMule - 25 Mar 2010 at 00:26
Back to Top
HonoredMule View Drop Down
Postmaster General
Postmaster General
Avatar

Joined: 05 Mar 2010
Location: Canada
Status: Offline
Points: 1650
Direct Link To This Post Posted: 25 Mar 2010 at 05:02
Stormcrow, are you familiar with thedailywtf.com?  There's a thread in my alliance's forum labeled "Perhaps the purpose of your life is to serve as a warning to others."  Sadly, everyone frequents that thread often,  myself included.  thedailywtf.com is the software engineer's version of that thread.  Being a DB admin yourself, I figured you'd especially enjoy the site's latest article:

http://thedailywtf.com/Articles/The-Certified-DBA.aspx
Back to Top
 Post Reply Post Reply Page  <123>
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.03
Copyright ©2001-2019 Web Wiz Ltd.