Re: [phplib] scripthash v0.2
From: John Sutton (john <email protected>)
Date: 12/06/00

Hi Brian

Good to get a response! I'm not sure if either people aren't interested in
this, or they don't understand it, or they do understand it but believe it to
be fatally flawed! Whatever the case, it would be good to get some feedback!

Have you tried to install it yet? Perhaps you could let me know if there are
any difficulties there?

At risk of boring you senseless, I'll take this opportunity to describe more
clearly what the extension is about!

The underlying idea is very simple - to provide "real uid" services to php
scripts running in mod_php. If you are running php as cgi, then of course you
can use suexec to solve this problem. For example, if you need a password you
can safely put this in the script itself and chown the script so that it is
only readable by the User associated with this VirtualHost. Since cgi php
running under suexec will run as this User, it will be able to read the script
containing the password, but nobody else will be able to read it.

Once you are running php as an apache module, the situation is entirely
different. Since all scripts run as the same uid (typically "nobody") we can no
longer use this as the means to "hide" passwords. So, what if instead of
putting the password for each user into that user's php script, we give all
the passwords to a password server and let the php script contact the server
when it needs the password?

Well, all we've achieved thereby is to move the problem! Because the problem
now is: how does the password server know the "identity" of the process which
is requesting a password. Unless it can identify the process, it cannot safely
hand out a password. This is where scripthash comes in.

Scripthash enables a php script running under mod_php to identify itself to an
external server. It does this by generating an MD5 hash of the "identity of
the script" and a secret. By "identity of the script" I mean various things
like the unix owner and group of the script, the permissions of the script, the
path of the script, etc. It is entirely up to the server how it interprets
this "identity" information. The point is, the server can rely on this
identity (i.e. safely assume that it has *not* been faked) because of the
existence of the secret.

The whole thing hinges on the security of the secret. That is, that only
apache and the external server(s) know this secret, and moreover, within apache,
only the php internal function scripthash() can access this secret.

Regards
John

On Wed, 06 Dec 2000, you wrote:
> Hi John,
>
> I'm sorry if I missed anything. What's this scripthash? Sounds good!
>
> brian
>
>
> ----- Original Message -----
> From: John Sutton <john <email protected>>
> To: <php-dev <email protected>>; <phplib <email protected>>
> Sent: Wednesday, December 06, 2000 1:54 AM
> Subject: [phplib] scripthash v0.2
>
>
> > Hi
> >
> > I've just uploaded second version (0.2) of scripthash module to
> > http://www.scl.co.uk/scripthash. This fixes a couple of minor oversights in
> > v0.1 ;-) See Changelog at end of README.
> >
> > Still need some help writing decent servers...
> >
> > ***************************************************
> > John Sutton
> > SCL Computer Services
> > URL http://www.scl.co.uk/
> > Tel. +44 (0) 1239 621021
> > ***************************************************
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: phplib-unsubscribe <email protected>
> > For additional commands, e-mail: phplib-help <email protected>

-- 

***************************************************
John Sutton
SCL Computer Services
URL http://www.scl.co.uk/
Tel. +44 (0) 1239 621021
***************************************************

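An added example, not part of the post above or of the scripthash code: a sketch of the password-server side of the scheme the message describes, where the server recomputes a keyed hash over the script's identity and only then applies its own policy. The field encoding, the policy table, the function names and all sample values are assumptions, and HMAC-SHA256 is swapped in for the plain MD5 of identity plus secret that the post mentions.

```python
import hashlib
import hmac

# Constructed sample secret; in the scheme described it is known only to
# apache (via scripthash()) and to the external server.
SECRET = b"constructed-shared-secret"

# Hypothetical server policy: which script identity may fetch which password.
POLICY = {
    ("alice", "www", "/home/alice/htdocs/db.php"): "alice-db-password",
}


def encode_identity(owner, group, mode, path):
    """Length-prefix each field so ("ab", "c") and ("a", "bc") never collide."""
    out = b""
    for field in (owner, group, format(mode, "o"), path):
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


def script_tag(secret, owner, group, mode, path):
    """Keyed hash over the identity (assumed format, HMAC-SHA256 not MD5)."""
    msg = encode_identity(owner, group, mode, path)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def lookup_password(secret, owner, group, mode, path, tag):
    """Server side: verify the tag in constant time, then interpret identity."""
    expected = script_tag(secret, owner, group, mode, path)
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None  # claim was not produced by a holder of the secret
    if mode & 0o022:
        return None  # group/world-writable script: identity means little
    return POLICY.get((owner, group, path))
```

The permission check shows the point made in the message that interpreting the identity is left to the server: a valid tag proves who owns the script, not that the script is safe to trust.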