HackerLangs
TopNewTrendsCommentsPastAskShowJobs

vvanpo

159 karmajoined 8 ปีที่แล้ว

Submissions

Integrity of a Shared Filesystem

uncultu.red
1 points·by vvanpo·5 เดือนที่ผ่านมา·0 comments

comments

vvanpo
·3 ชั่วโมงที่ผ่านมา·discuss
They don't stop you from seeing the stars, but I find them very distracting. Makes the experience of looking up at the stars on a quiet night less peaceful, I find.
vvanpo
·4 ชั่วโมงที่ผ่านมา·discuss
How many applications actually do, though? At most places I've worked it's common to integrate a schema migration tool (flyway, liquibase) that requires DDL, and I've never seen anyone go to the effort of splitting out an ephemeral instance to run the migration with a separate database connection configuration.
vvanpo
·4 ชั่วโมงที่ผ่านมา·discuss
Building an application that is immune to attack defeats all possible attack scenarios, yes. But no application is perfect or immune to all possible attacks, the concept of defense-in-depth is an acknowledgement of this.
vvanpo
·5 ชั่วโมงที่ผ่านมา·discuss
As explained in the article this wouldn't work, because changing your org means your stored hash is no longer valid (as the org is incorporated in the hmac), and you can't generated your own hashes because you're missing the pepper. So after changing your org all subsequent requests would fail.
vvanpo
·5 ชั่วโมงที่ผ่านมา·discuss
A pepper is just a salt that is "secret", i.e. not stored next to the hashes being salted. It indeed provides the desired defense-in-depth, in that a breach of the database does not allow spoofing requests to the application; a successful attack would require both an exploit giving database access as well as an exploit exposing the secret pepper. But this is just a result of splitting state across multiple data stores---you could theoretically split data across n databases which would require an attacker to find n exploits. As such I don't fully agree with their conclusion that "database state alone should not be able to grant authentication": just because you store application-wide secrets elsewhere doesn't mean it's not part of the application state, and isn't stored in a database.

For most monolithic applications I think the whole issue is be a bit moot; if the rest of the application state is in the primary database, then an attacker with database access could presumably accomplish anything without the need to spoof another user at the authentication layer.

Lastly, this scheme doesn't provide any mechanism for rotating the pepper.
vvanpo
·4 เดือนที่ผ่านมา·discuss
It sounds like there is a story here, have you written about this somewhere?
vvanpo
·5 เดือนที่ผ่านมา·discuss
How does this compare to FOKS (https://foks.pub)? Do both projects accomplish similar goals?

Edit: I see that this is primarily intended for federated social networks, but should be reusable for other uses. However for other e2ee systems (e.g. messaging, filesystems) where hiding your social graph is important, wouldn't a key directory be able to infer (part of) your social graph by recording which lookups you make? What's the best way to mitigate that?