Обсуждение: PKI/SSL Client/Server Certificate Authentication
The current PKI implementation seems to support the encryption aspects of SSL/TLS, but what about using Authorization/Authentication? I.e., when you configure SSL on the server, you're not specifying a trusted CA cert (or directory of trusted CA Certs). The client can specify REQUIRE_SSL environmental variable, but client can't present an X.509 certificate. There are no options on either the client or the server to verify the authenticity of the peers certificates. I ask because I generally discourage the practice of embedding database passwords into source code. That reminds me of Oracle, Solaris, and a lot of other dirty, decrepit, security-hole-prone configurations. However, "Another popular open source RDBMS" (whose name we wont mention here) has a nifty feature that permits the mapping of certain Attribute pairs in the DN= (sometimes called the "Subject) of a client X.509 certificate into the Username credential field. Thereby: - The database and the client submit CSRs to an mutually exclusive CA in the organization - The CA signs and returns X.509 certs to both. - The server and client libraries configure to trust local copies of the CA Cert - The server requires client cert verification against the CA on the server config - The client requires server cert verification against the CA on the client config - The server configures a username/access grant like such: GRANT ALL PRIVILEGES ON dbname.* TO -> 'web-app-meta-user'@'web-server-inside-dmz' -> IDENTIFIED BY 'goodsecret' (Optional) -> REQUIRE SUBJECT '/C=EE/ST=Some-State/L=Tallinn/ O=MySQL demo client certificate/ CN=Tonu Samuel/Email=tonu@example.com' -> AND ISSUER '/C=FI/ST=Some-State/L=Helsinki/ O=MySQL Finland AB/CN=Tonu Samuel/Email=tonu@example.com' -> AND CIPHER 'EDH-RSA-DES-CBC3-SHA'; - Thus enforcing two-stage authentication, a very healthy practice. This adds a level of redundancy to security (In conjuntion with the use of Views, ACLs, Firewall rules, Password Rotation, Auditing, Secure coding practices, etc.) If a "bad person" were to somehow obtain a copy of the source code with a password embedded in the connect string (Steal it from a developer who uses Windows, or maybe convince Apache to not interpret PHP before sending to the client, something stupid like that), they would still be unable to connect without a client certificate. This two-stage authentication model is in use in Apache, OpenSSH sshd(8), OpenLDAP, and FreeRADIUS (with EAP-TLS + PAP/CHAP). It's even used on the Cisco 3000 series VPN Concentrator by default (in all it's glory). It's definately a very useful feature tha we should aspire to offer. Thoughts? TIA, ~BAS
"Brian A. Seklecki" <lavalamp@spiritual-machines.org> writes: > If a "bad person" were to somehow obtain a copy of the source code with a > password embedded in the connect string (Steal it from a developer who > uses Windows, or maybe convince Apache to not interpret PHP before sending > to the client, something stupid like that), they would still be unable to > connect without a client certificate. So they steal the client certificate file instead of (the file containing) the password. How exactly is this more secure? regards, tom lane
On Fri, 13 Jan 2006, Tom Lane wrote: > "Brian A. Seklecki" <lavalamp@spiritual-machines.org> writes: >> If a "bad person" were to somehow obtain a copy of the source code with a >> password embedded in the connect string (Steal it from a developer who >> uses Windows, or maybe convince Apache to not interpret PHP before sending >> to the client, something stupid like that), they would still be unable to >> connect without a client certificate. > > So they steal the client certificate file instead of (the file > containing) the password. How exactly is this more secure? You'd have to get a local shell on the server *plus* the password. If a hacker can get a local shell on your web server (not a multi-user environment, obviously), and the Web server isn't in a jail, then they've probably got your database server too, and you might as well pack up and head home. But with OCSP, the CA for the organization can revoke the validity of a Cert at any time by updating the CRL. The password is entirely optional for the user. When you've got a Vhost running multiple Apps talking to the same BD, and the Web servers runs as the "www" or "http" user, you can even plug multiple database user passwords into user ~/www/.pgpass and the username is mapped via the Client X.509 cert. In short, it's a deterrent to hackers and a convenience to admins. But we all know if someone wants in, they'll get in and it won't be some kind of attack a weakness in X.509 PKI, it will be the develpoer on Windows that opens the e-mail with the attachment (or image file!) ~BAS > > regards, tom lane > > ---------------------------(end of broadcast)--------------------------- > TIP 6: explain analyze is your friend > l8* -lava x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8
On Fri, Jan 13, 2006 at 12:19:38PM -0500, Brian A. Seklecki wrote: > In short, it's a deterrent to hackers and a convenience to admins. But we Not just that. Unless something big has changed when I wasn't looking, the jdbc driver can't use the .pgpass mechanism yet; but it _can_ use SSL, except that it doesn't have the ability to validate via certs. So there'd be another potential use case for this. I briefly toyed with trying to find someone to implement cert-based authentication, but found I had other things more pressing (so the TODO fell off the end of my list). A -- Andrew Sullivan | ajs@crankycanuck.ca I remember when computers were frustrating because they *did* exactly what you told them to. That actually seems sort of quaint now. --J.D. Baldwin