[ic] New SecureProtect directive to prevent sidejacking

Josh Lavin josh-ic at att.net
Fri Oct 29 22:28:52 UTC 2010 

New SecureProtect configuration directive (sidejacking fix)

Author: Mike Heins

This is a defense to "sidejacking", the collection of a session cookie 
by a host on an unsecure network. When SecureProtect is active, the 
UserDB login process creates a passhash of the encrypted password. This, 
along with username, login_table, and a "secret" set in the 
configuration, is used to check subsequent secure accesses to the catalog.

For background see: http://en.wikipedia.org/wiki/Session_hijacking

Essentially, it stores the passhash in a secure cookie. When the regular 
session cookie is next accessed, if the secure cookie hash does not 
match the server-generated hash, then the user is sent to the login page 
(defaults to this). A "destination" parameter (defaults to this) is 
passed with the URL of the original request, so you can redirect them 
back to it once they have re-authenticated (via mv_successpage and the 
like).

Here is the commit for the latest:
http://github.com/jlavin/interchange/commit/662413756b9d80079e0b467caf9e85ed4ba15e00

And here is one against 5.6 STABLE:
http://github.com/jlavin/interchange/commit/325749624cc9a1bbafda90e9914c64fbfbcab81f

To test, enable in catalog.cfg, login on a secure page, delete your 
secure cookie (but leave your session cookie), then visit a secure page. 
You should be asked to login (or whatever "page" is set to).

I haven't figured out how to edit documentation, so following is a POD 
(also attached).

--------

=head1 NAME

SecureProtect

=head1 Synopsis

In catalog.cfg:

     SecureProtect   active  yes
     SecureProtect   secret  VerySecureYESIAM

=head1 Description

This is a defense to "sidejacking", the collection of a session cookie 
by a host on an unsecure network. When SecureProtect is active, the 
UserDB login process creates a passhash of the encrypted password. This, 
along with username, login_table, and a "secret" set in the 
configuration, is used to check subsequent secure accesses to the catalog.

=over

=item active

Yes or No (or any Interchange YesNo value) to determine if SecureProtect 
is used. Default: no

=item page

The interchange page to relocate to. Default: login

=item secret

The "secret" hash to add to usename and other key values for security. 
If you change this, all your users will have to re-authenticate at a 
secure page. Change the default value, please.

=item keys

The session values to hash with the "secret" to build the hash value. 
Default is
username,login_table,passhash.

Shouldn't need to be changed, do so at your own risk.

=item destination

The CGI variable name to store the previous page ($CGI::path_info) in. 
Used to generate a redirect to the original destination upon 
re-authentication.

=item authexpire

The amount of time (in Interchange duration, ala SessionExpire) that you 
will allow one hashing to last. Default is 7 days. After that time 
without logging in, the user will be forced to re-authenticate.

=back

=cut


-- 
Josh Lavin
Perusion -- Expert Interchange Consulting    http://www.perusion.com/
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: SecureProtect.pod
URL: <http://www.icdevgroup.org/pipermail/interchange-users/attachments/20101029/5f5ea9e4/attachment.txt>

More information about the interchange-users mailing list