“I dont need to know”“Our network security will takecare of it.”“I applied all the web server andPHP patches.”“Security belongs in theapplication layer.”“Database security slowsdevelopment.”“Nobody will hack my website. Werun Linux.”
The cost ofunsafe dataContacting 19,000 customers:$380,000Paying for credit reports for19,000 customers:$931,000Shipping stolen merchandise:$4,600,000Lost customer goodwill andreputation as an insecure &careless company:Priceless!
Why is LAMP special?1. Agility LAMP platforms are designed for rapid development and deployment2. Constant Upgrades LAMP components are rapidly advancing3. Lightweight LAMP stacks are simple and have few layers
Why is LAMP special?1. Agility rapidly deploy security holes2. Constant Upgrades new versions new exploits3. Lightweight few layers fast to hack
authentication methodsident: host OS responsible forsecurity good for: administrative tasks bad for: external users
authentication methodshashed user/password good for: most things bad for: application server / network compromise
authentication methodskrb5 / sspi / ldap: identitychecked against authenticationservers good for: network/application server compromises bad for: performance, troubleshooting, uptime
driver toolsGoal: prevent SQL injectionprepared queries: $q = prepare(“SELECT * FROM profile WHERE user = ?”); execute($q, db_escape($this_user));
driver toolsGoal: prevent SQL injectionswitches no multi-statement read-only connection
database privilegesGoal: prevent authenticated low-level users from modifying oraccessing restricted data. SELECT FROM users; UPDATE users;
database privileges Privileges Rule #1: your app should not be connectingas the database owner or superuser
ROLEscreate some ROLEs (users and groups) public application_user db_admin application_admin superuser users admins dataentry readonlyclaudio felipe leo wei-chen guest
privilegesbest way to restrict access tospecific dataSQL standardBoth MySQL & PostgreSQL support: database/schema, table, column
privilegesPostgreSQL privileges: tables: SELECT, INSERT, UPDATE, DELETE, ALTER schema: USAGE, CREATE, ALTER function: EXECUTE, ALTER database: CONNECT, TEMP, CREATE, OWNER
database abstractionGoal: prevent theft of sensitivedata by not allowing direct accessto base tablesschema admin schema member rights members settings profiles messages view user_names users login() change_pw()
database abstractionviews a VIEW is a “stored query” with its own permissions limit access to specific rows or columnsstored procedures SECURITY DEFINER procedures allow controlled privilege escalation make sure to lock them down, though!
encryptionGoal: prevent misuse of sensitivedata by anyone who has managed tocapture itthe only protection againstphysical possesionencrypt your backups!
encryption1. encrypted authentication2. encrypted connections3. encryption of specific data4. whole database encryption
What do you do ifthey get in anyway?sometimes your other measures fail exploits loopholes misconfigurationsometimes the bad guys havelegitimate access users staff sysadmins
database auditingGoal: know what happened after ithappened, and be able to restoreyour data without searching backuptapes.
auditing: logsdozens of log options users connections queries run errorsthe log can help you analyze abreak-in maybe even tell you what was stolen
secure your logsbest way to find “DBA corruption” make sure that not even the admins can erase/alter all copies make sure few people can change postgresql.confuse a secured log server “syslog” is good for thismake a plan for secure logarchiving
data auditingGoal: figure out exactly which datachanged, when and how, and be able toreverse it.Methods Triggers Replication Snapshots
data auditingtable members.profiles member | interests josh | pottery, cookingtable audit_members.profiles member | interests | changed | change_by josh | gaming | 5/23/01 | claudio josh | pottery | 3/24/08 | felipe
contactJosh Berkus email@example.com it.toolbox.com/blogs/database-soupPostgreSQL www.postgresql.org SEPostgres: http://code.google.com/p/sepgsqlPostgreSQL Experts, Inc. www.pgexperts.com Thanks to KaiGai Kohei for SEPostgres diagrams, and to Harrison Fisk for MySQL examples. Thanks to Google Images for the various images, which belong to their original owners. Copyright 2009 Josh Berkus, distributable under the creative commons attribution license