On Mon, 2006-05-22 at 07:39 -0500, chrisisbd@leary.csoft.net wrote:
Only if the computer it's on is itself secure against attack as the files will be in unencrypted form. There's no way I'd do this on anything except my own machine at home and even then I'm not totally convinced it's a good idea. So the connection is secure but is the data itself secure?
Ok not sure how to do this but.....
You could have an encrypted loopback filesystem that holds the "secure" bit of your www root. Apache then serves an SSL page prompting for a passphrase which it then uses to unlock the key to mount the secure filesystem which it immediately umounts as soon as the page is transmitted. That way not only would your machine have to be compromised, they'd have to either hack Apache (or the clever scripting you use to do this) to hold the passphrase or sit and wait until you next looked at that page so that they could quickly jump in to the mounted volume and grab the data. If you did this with encrypted files rather than a volume then even better (but I guess that's pretty close to your initial suggestion, but without the requirement to build client stuff).
Now there's a project for someone.
It strikes me as unlikely that anyone will 'sniff' my communication with my home server - why would they? There's no way that they could determine that the data I'm transferring is useful. It's not at all the same as if I was using a web browser to access an internet banking site where there is a very large chance of significant data being transferred.
It's kind of hard to guess the most likely attack vector, but sniffing the network is a common one. For example any machine on the (presumably shared) network you are accessing the data from could have been compromised and may be being used to sniff traffic. Without SSL you have to consider the security of both your own system and the system you are accessing the data from as well as the security of the (public in this case) network the data is transmitted across.
Sniffing a network isn't always targeted or even always of malicious intent. Ask yourself if you would be comfortable with a random admin (at your current location or at your ISP) seeing the data as they were using ethereal to diagnose a network problem at the same time you were accessing your pages?
On the other hand how secure is my home system itself against someone hacking into it and finding some files with passwords stored in them?
This is true. But then you'd have to assume if your machine was sufficiently compromised that the data had been as well. For example even if you held the data in encrypted disks or containers there is the possibility that your machine could be rooted and a keylogger installed to watch you type the passphrase when you access this data locally.
Apache in itself can be set up to be fairly hardened to an attack. Sure you could get caught out by a 0 day exploit or by misconfiguration but as you point out with the sniffing you're probably not that much of a target and it's generally only the older (and therefore hopefully patched) holes that get in the hands of script kiddies who will issue random attacks (and maybe fall upon your data as a result).
It just seems odd to be paranoid about 'sniffing' but not to encrypt the data on the computer which seems to me just as (if not more) vulnerable.
Not really, your computer is pretty much under your control (even more so because you are running Open Source Software). You are unlikely to be in a position to have the same control over the entire network you access the data from.
Having the passwords held in an encrypted container is good for protecting them against someone who has a one time access to the machine (for example if it gets stolen) but I think in your case having the files served by a carefully configured installation of Apache (perhaps even locked down by a firewall so you can only get to it from certain locations) and the transmission protected by SSL probably offers security at least as good as the security on the systems those passwords protect.
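
Added example, not part of the original message: one way the "carefully configured Apache, reachable only from certain locations, over SSL" setup from the last paragraph could look in Apache httpd 2.4 syntax. The hostname, file paths and address range are placeholders, and the modules mod_ssl, mod_headers, mod_auth_basic and mod_authz_host are assumed to be loaded.

```apache
# Added example (assumptions: Apache httpd 2.4; hostname, paths and
# the 203.0.113.0/24 range are placeholders, not values from the thread).
<VirtualHost *:443>
    ServerName home.example.org
    DocumentRoot "/srv/www/private"

    # Protect the transmission: TLS only, old protocol versions disabled.
    SSLEngine on
    SSLCertificateFile    "/etc/ssl/certs/home.example.org.crt"
    SSLCertificateKeyFile "/etc/ssl/private/home.example.org.key"
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Tell browsers to refuse plain HTTP for this host in future.
    Header always set Strict-Transport-Security "max-age=31536000"

    <Directory "/srv/www/private">
        # No directory listings, no per-directory overrides.
        Options -Indexes
        AllowOverride None

        # Password file lives outside the document root.
        AuthType Basic
        AuthName "Private"
        AuthUserFile "/etc/apache2/private.htpasswd"

        # Both conditions must hold: a known source address
        # AND a valid login.
        <RequireAll>
            Require ip 203.0.113.0/24
            Require valid-user
        </RequireAll>
    </Directory>
</VirtualHost>

# Port 80 serves no content; it only redirects to the TLS host,
# so the pages never cross the network in clear text.
<VirtualHost *:80>
    ServerName home.example.org
    Redirect permanent "/" "https://home.example.org/"
</VirtualHost>
```

The address restriction here is enforced by Apache itself; a packet-filter rule limiting port 443 to the same range gives the firewall lock-down mentioned above as a second layer.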