Recommended security improvments

Recommended security improvments

Postby baba » Sat 08 Aug 2009 11:25

Hello,

I went thru your first version of the SSL.
At that time you could use a P12 file, encoded and certified.

I liked that solution because no private information existed on the hard disk in clear. Only in memory ! This is the simplest and safest solution.

But the last version you show me like :
PgSqlConnection conn = new PgSqlConnection("user id=postgres;password=postgres;host=localhost;");
conn.SslOptions.CACert = "E:\Test\root.crt";
conn.SslOptions.Cert = "E:\Test\client.crt";
conn.SslOptions.Key = "E:\Test\client.key";
conn.SslOptions.SslMode = SslMode.Require;
conn.Open();

has got an horrible drawback : the information are to be provided in clear, an the hard disk.

This lead to 3 questions :

1) Why the encoded P12 method, which was safe in my opinion, has been removed ?
2) Why don't you accept the certificate/key from a stream or a byte[] or a string ? Chilkat Software offer free libs to extract the cert/keys from pem or p12 to memory objects.
3) The root certificates are to be stored in the system. C#/.NET infrastructure allow a certificates to be automatically checked against the stored certificates. See my Appendix.

For me, there is an absolute opposition between SECURITY and KEYRINGS LYING ON THE CARPET IN THE MIDDLE OF THE LIVING ROOM.

I hope you will find a solution, but we would have to go back to some other ssl tunnel technique if you maintain thoses exposed methods.


seb

APPENDIX:
// If it has not been done yet, record your root certificate...
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
.....
X509Store store = new X509Store( StoreName.Root, StoreLocation.CurrentUser );
store.Open( OpenFlags.ReadWrite );
X509Certificate2 certificate = new X509Certificate2( );
X509Certificate2 certificate1 = new X509Certificate2( Environment.GetFolderPath( Environment.SpecialFolder.ProgramFiles )+@"\briosoft\cacert.cer" );
X509Certificate2Collection col = store.Certificates;
Boolean noup=false;
foreach( X509Certificate2 c in col ) {
if( c.GetCertHashString( ) == certificate1.GetCertHashString( ) ) {
noup = true;
break;
}
}
if( !noup ) {

XtraMessageBox.Show( "Pour assurer la confidentialité, nous allons maintenant\r\n"
+"procéder à une opération qui requière votre intervention.\r\n"
+"Un écran va s'ouvrir après celui-ci et vous demander votre accord.\r\n"
+"Vous allez donner votre accord une fois pour toute.\r\n"
+"\r\nPour continuer, cliquez sur le bouton SVP...",
"Installation du certificat de cryptage BRIOSOFT", MessageBoxButtons.OK, MessageBoxIcon.Asterisk );
store.Add( certificate1 );
}
store.Close( );

With this, your first method (4.50.29) works perfectly)
baba
 
Posts: 22
Joined: Thu 14 Apr 2005 16:40

Postby Shalex » Thu 13 Aug 2009 07:07

We will investigate the issue and notify you about the results as soon as possible.
Shalex
Devart Team
 
Posts: 7659
Joined: Thu 14 Aug 2008 12:44

Postby Shalex » Thu 03 Sep 2009 10:18

1) and 3): We have rejected the .NET Framework approach of SSL (with a P12 file) because we have encountered some technical difficulties during the implementation. We are using the OpenSSL approach with dotConnect for PostgreSQL instead at the moment (with root.crt, client.crt and client.key) like dotConnect for MySQL has. We will make deeper investigation of the issue and notify you about the results as soon as possible.

2) We will consider adding such interface (stream / byte[] / string) to work with certificates and keys in the nearest future.

Also we will investigate the possibility of using certificates storage for authenticity checking of server's certificates.

Thank you for your suggestions. We will notify you about the results.
Shalex
Devart Team
 
Posts: 7659
Joined: Thu 14 Aug 2008 12:44

Some news ?

Postby baba » Mon 28 Sep 2009 15:43

I read your answer :

I am very sad my points 1 and 3 were rejected, but as a developer myself, i will accept this.

If you set up a way to provides the certificates as byte[]/String/Stream to your lib, i will solve (with some additionnal code on my side) the problem. I apreciable, i would publish my snipets in this forum record a CA certificates by code, open a P12 by code IN MEMORY and feed your lib with the results.

I have got confirmation from my customers that they would not accept to write anywhere on a disk such sensitive information like the private key.

I saw you published a new version. Nothing about the present topic in this version ? Will you mention any change in the version log ?

Seb
baba
 
Posts: 22
Joined: Thu 14 Apr 2005 16:40

Postby Shalex » Fri 02 Oct 2009 16:04

We will investigate the possibility of the byte[]/String/Stream interface implementation and notify you about the results as soon as possible.

The current version doesn't contain this functionality. If we implement any changes regarding this issue, I will post about them here.
Shalex
Devart Team
 
Posts: 7659
Joined: Thu 14 Aug 2008 12:44

Re: Recommended security improvments

Postby Shalex » Fri 08 Jun 2012 16:12

New build of dotConnect for PostgreSQL 6.0.17 is available for download!
It can be downloaded from http://www.devart.com/dotconnect/postgresql/download.html (trial version) or from Registered Users' Area (for users with active subscription only).
For more information, please refer to http://forums.devart.com/viewtopic.php?f=3&t=24292 .
Shalex
Devart Team
 
Posts: 7659
Joined: Thu 14 Aug 2008 12:44


Return to dotConnect for PostgreSQL