Recommended security improvements
Posted: Sat 08 Aug 2009 11:25
Hello,
I went through your first version of the SSL.
At that time you could use a P12 file, encoded and certified.
I liked that solution because no private information existed on the hard disk in clear, only in memory! This is the simplest and safest solution.
But the last version you showed me, like:
PgSqlConnection conn = new PgSqlConnection("user id=postgres;password=postgres;host=localhost;");
// Verbatim (@) strings: "E:\Test\..." would not compile because \T is not a valid C# escape.
conn.SslOptions.CACert = @"E:\Test\root.crt";   // CA certificate, in clear on disk
conn.SslOptions.Cert = @"E:\Test\client.crt";   // client certificate, in clear on disk
conn.SslOptions.Key = @"E:\Test\client.key";    // client private key, in clear on disk
conn.SslOptions.SslMode = SslMode.Require;
conn.Open();
has a horrible drawback: the information has to be provided in clear, on the hard disk.
This leads to 3 questions:
1) Why has the encoded P12 method, which was safe in my opinion, been removed?
2) Why don't you accept the certificate/key from a stream or a byte[] or a string? Chilkat Software offers free libs to extract the cert/keys from PEM or P12 to memory objects.
3) The root certificates are to be stored in the system. The C#/.NET infrastructure allows certificates to be automatically checked against the stored certificates. See my appendix.
For me, there is an absolute opposition between SECURITY and KEYRINGS LYING ON THE CARPET IN THE MIDDLE OF THE LIVING ROOM.
I hope you will find a solution, but we would have to go back to some other SSL tunnel technique if you maintain those exposed methods.
seb
APPENDIX:
// If it has not been done yet, record your root certificate...
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Windows.Forms;      // MessageBoxButtons, MessageBoxIcon
using DevExpress.XtraEditors;    // XtraMessageBox (DevExpress); System.Windows.Forms.MessageBox works the same way
.....
// Open the current user's trusted-root store for writing. Windows itself asks the
// user to confirm before a new root certificate is added to this store.
X509Store store = new X509Store( StoreName.Root, StoreLocation.CurrentUser );
store.Open( OpenFlags.ReadWrite );
// The root certificate shipped with the application (public part only, no private key).
X509Certificate2 certificate1 = new X509Certificate2( Environment.GetFolderPath( Environment.SpecialFolder.ProgramFiles )+@"\briosoft\cacert.cer" );
// Only add it if a certificate with the same hash (thumbprint) is not already in the store.
X509Certificate2Collection col = store.Certificates;
Boolean noup=false;
foreach( X509Certificate2 c in col ) {
    if( c.GetCertHashString( ) == certificate1.GetCertHashString( ) ) {
        noup = true;
        break;
    }
}
if( !noup ) {
    // Warn the user that the Windows confirmation dialog is about to appear (one-time operation).
    XtraMessageBox.Show( "Pour assurer la confidentialité, nous allons maintenant\r\n"
        +"procéder à une opération qui requière votre intervention.\r\n"
        +"Un écran va s'ouvrir après celui-ci et vous demander votre accord.\r\n"
        +"Vous allez donner votre accord une fois pour toute.\r\n"
        +"\r\nPour continuer, cliquez sur le bouton SVP...",
        "Installation du certificat de cryptage BRIOSOFT", MessageBoxButtons.OK, MessageBoxIcon.Asterisk );
    store.Add( certificate1 );
}
store.Close( );
With this, your first method (4.50.29) works perfectly.
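An added example, not from the original post or from the dotConnect library, showing the two things questions 2 and 3 ask for: loading a PKCS#12 client certificate from a byte[] or Stream so that the private key never exists on disk, and validating it against the root certificates already recorded in the Windows store, as the appendix relies on. The class and method names are assumptions, and X509KeyStorageFlags.EphemeralKeySet assumes .NET Framework 4.7.2+ or .NET Core 2.0+.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;

// Added example: keep the client certificate and its key in memory only, then
// check the certificate against the trusted roots in the system store.
static class InMemoryClientCert
{
    // Load a password-protected PKCS#12 (P12/PFX) blob that is already in memory.
    // EphemeralKeySet (an assumption: .NET Framework 4.7.2+ / .NET Core 2.0+) keeps the
    // private key out of any on-disk key container.
    public static X509Certificate2 LoadFromBytes(byte[] p12, string password)
    {
        return new X509Certificate2(p12, password, X509KeyStorageFlags.EphemeralKeySet);
    }

    // Same for a stream, e.g. an embedded resource or a blob fetched over the network.
    public static X509Certificate2 LoadFromStream(Stream p12Stream, string password)
    {
        using (var ms = new MemoryStream())
        {
            p12Stream.CopyTo(ms);
            return LoadFromBytes(ms.ToArray(), password);
        }
    }

    // Build the chain against the roots recorded in the CurrentUser/LocalMachine Root
    // store (the store the appendix writes into). Returns false, with the chain status
    // messages, when the certificate does not chain to a trusted root.
    public static bool IsTrustedByStore(X509Certificate2 cert, out string reason)
    {
        using (var chain = new X509Chain())
        {
            // Offline example: no CRL/OCSP lookup. Use Online or Offline in production.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
            bool ok = chain.Build(cert);
            reason = ok
                ? "trusted"
                : string.Join("; ", Array.ConvertAll(chain.ChainStatus,
                      s => s.Status + ": " + s.StatusInformation.Trim()));
            return ok;
        }
    }
}
```

Caveat: on Windows, SChannel cannot use an ephemeral private key for TLS client authentication, so if the loaded certificate is to be handed to SslStream rather than only validated, load it with X509KeyStorageFlags.DefaultKeySet instead (the key then lives in a temporary key container that is removed when the certificate is disposed).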