Created a security overview page as a quick guide to Trac users.
[Imported from Trac: page TracSecurityOverview, version 1]
parent
584872944f
commit
af7c0bd0f3
28
TracSecurityOverview.md
Normal file
28
TracSecurityOverview.md
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
# Trac Security Overview
|
||||||
|
|
||||||
|
This is just a quick'n'dirty document to help users make informed decisions about the Trac.
|
||||||
|
|
||||||
|
|
||||||
|
## Recommendations
|
||||||
|
|
||||||
|
* Don't use a password which you use elsewhere. (See: Twitter incident) [Find ref.]FIXME:
|
||||||
|
* Don't expect the ticket database to be non-corrupt or reliable or persistent.
|
||||||
|
* Backup the ticket database and wiki pages regularly! Use snapshots so corruption does not overwrite correct data.
|
||||||
|
|
||||||
|
|
||||||
|
## Vulnerabilities
|
||||||
|
|
||||||
|
* HTTP without SSL means a passive attacker can see all your traffic (except password on login, see below).
|
||||||
|
* HTTP without SSL means an active attacker can do anything at all with your account privileges.
|
||||||
|
* Password reset over HTTP means the attacker knows your password with minimal effort.
|
||||||
|
* HTTP Auth uses Digest mechanism, which means (if implemented correctly):
|
||||||
|
* Attacker cannot learn your password during a login request.
|
||||||
|
* The database must store your plaintext password (in order to compute the correct digest). [verify.]FIXME:
|
||||||
|
* Anyone with file system read access to the machine also has all passwords.
|
||||||
|
|
||||||
|
|
||||||
|
## To Do
|
||||||
|
|
||||||
|
* Search for existing Trac security references.
|
||||||
|
* Verify that plaintext passwords are stored.
|
||||||
|
* Find Twitter incident ref (the short story is that there were no technical security flaws, but users used the same creds on an "unimportant" service as well as a different critical service, so the attacker could escalate the attack across services.)
|
Loading…
Reference in a new issue