[plt-scheme] Looking for a security consultant with PLT web server experience

From: Noel Welsh (noelwelsh at gmail.com)
Date: Sat Oct 3 17:27:31 EDT 2009

Hi David,

I got your email to Untyped, but I'm replying on the list so there is
a public archive for future developers.

Regarding this:

On Sat, Oct 3, 2009 at 6:39 PM, David Storrs <david.storrs at gmail.com> wrote:
> we want someone who has experience dealing with the PLT web server, since
> it's new to us and we don't fully understand the security implications
> of stateful servlets.

There are two kinds of servlets: so called "stateless" servlets,
meaning the continuation is serialised, and "stateful" servlets,
meaning the continuation is stored in memory and accessed by a key.
(You mention stateful servlets but you might not be using the
terminology in the same way as the web server docs, so I'll cover
both.)

Addressing the latter first, the main vector of attack is by guessing a
continuation key. The continuation key is encrypted IIRC, but to make
the system more secure you could also check, e.g. IP address or a
cookie or some other signing mechanism before serving the request. A
stateful servlet doesn't leak any more information than you let it, as
everything is in memory unless you choose to encode information in
e.g. form parameters.

A stateless servlet can potentially leak information, as the
continuation could be serialised to the client and could contain
sensitive information. The web server offers various ways around this.
One way is to store the continuations on disk (the key/value store in
the docs) and then address the continuation using a hash
("hash-addressed storage") that is sent to the client. The web server
also provides facilities to sign the hash so you can prevent
tampering. You might also want to encrypt the continuations on disk,
though this is possibly getting a bit excessive. You could also check
IP address etc. as for the stateful servlets.

Basically, both servlets provide facilities to ensure you don't leak
information, and if you want to make things even more secure you can
do so with a bit of additional effort.

HTH,
N.


Posted on the users mailing list.