
I'm building a (very simple) tool to communicate between two servers. I started by asking if there was a better alternative than making a home-made script, and we came to the conclusion that, for starters, a home-made script was enough. (This was on Stack Overflow, but since the discussion only occurred in the comments, the question was closed.)

To make things clear, the project is to send requests to a server (web app endpoint) from a web app (manager).

Since the endpoint is accessible to everyone, I implemented a verification system to be a bit more secure. I know that a secure system is something that is known to everyone (and not closed).

So here's what I do:

When the manager sends a request, it concatenates all the values of the parameters that will be POSTed, plus a token. Then it computes the sha256 of the resulting string and sends this among the parameters as a checksum.

On the endpoint, I concatenate all the parameters (except the checksum) and add the secure token, do a sha256 and compare it with the checksum parameter. If they are the same, everything's good.

This ensures that the data submitted aren't modified (in case someone is listening on the network) and that the data come from a trusted source (with the secure token that is normally only known to my apps).

The only risk I can see here is if someone gets the secure token. Then this protocol fails. But in the same vein, if someone gets my Facebook password, for instance, he will be able to post anything!

Is this enough? Do I need to implement more steps? I thought about these ones, what do you think:

  1. Adding HTTPS to the endpoints
  2. Verifying the source IP

Thank you

Cyril N.
  • You should be aware of risks of using plain hash functions for authentication, such as issues like length extension attacks. HMAC is designed to protect against things like this, and is much safer to use. – Natanael Oct 22 '14 at 17:55
  • HMAC is interesting, coupled with sha256, even better. But is this enough? – Cyril N. Oct 23 '14 at 07:20
  • Not necessarily, but it would help a lot. As the others said, you should add an encryption layer for the communication too – Natanael Oct 23 '14 at 18:42
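
The HMAC approach suggested in the comments above, applied to the checksum scheme from the question, as an added example that is not code from the original thread. The token value, the parameter names and the JSON canonicalisation are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample secret; both servers would load the real one from configuration.
SHARED_TOKEN = b"constructed-example-token"


def canonical_bytes(params: dict) -> bytes:
    """Serialize parameters deterministically so both sides MAC the same bytes.

    Sorted keys and JSON quoting keep every name and value delimited,
    which plain concatenation of the values does not.
    """
    return json.dumps(params, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_request(params: dict, token: bytes = SHARED_TOKEN) -> dict:
    """Manager side: return a copy of params with an HMAC-SHA256 'checksum' added."""
    tag = hmac.new(token, canonical_bytes(params), hashlib.sha256).hexdigest()
    signed = dict(params)
    signed["checksum"] = tag
    return signed


def verify_request(posted: dict, token: bytes = SHARED_TOKEN) -> bool:
    """Endpoint side: recompute the tag over every parameter except 'checksum'."""
    received = posted.get("checksum")
    if not isinstance(received, str):
        return False  # missing or malformed checksum is rejected outright
    params = {k: v for k, v in posted.items() if k != "checksum"}
    expected = hmac.new(token, canonical_bytes(params), hashlib.sha256).hexdigest()
    # Constant-time comparison: does not reveal how many characters matched.
    return hmac.compare_digest(expected.encode(), received.encode())


if __name__ == "__main__":
    request = sign_request({"action": "restart", "server": "web01"})  # constructed input
    print("untouched request accepted:", verify_request(request))
    request["server"] = "web02"
    print("modified request accepted:", verify_request(request))
```

This authenticates the parameters only; the encryption layer recommended in the comments and in the answer is still needed to keep the data confidential in transit.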

1 Answer

You are relying on "security through obscurity", and implementing this type of security is never a good idea.

You can create a vastly more secure and easier solution by implementing SSL (or TLS) on your solution. Here is a very good tutorial on Stunnel:

  • you install stunnel

  • create custom certificates

  • encrypt everything transparently

Using stunnel you can treat all data in clear text, without adding complexities like encryption, encoding or authentication.

ThoriumBR