[NCUC E-team] E-team moving forward

James Gannon james at cyberinvasion.net
Mon Apr 24 19:07:23 CEST 2017


Yup the topic of comments and community use and interaction on the site needs to be discussed.
If we do want that (And I support it, I think it would be best to have a discourse instance for that to be managed on to remove the risks outlined below. A discourse instance is in the backlog on the Trello also)

-J

-----Original Message-----
From: E-team [mailto:e-team-bounces at lists.ncuc.org] On Behalf Of Tapani Tarvainen
Sent: Monday, April 24, 2017 11:59 AM
To: e-team at lists.ncuc.org
Subject: Re: [NCUC E-team] E-team moving forward

On Apr 24 09:51, James Gannon (james at cyberinvasion.net) wrote:

> And I'll note that I raised issue with Tapani on the use of the PHP 
> plugin that was why he sent the mail to the list, I don’t like using 
> PHP injection even via short code as I see it as a security risk

Using Wordpress in the first place is a security risk. :-)

As for risks with this particular plugin:

* There could be bugs in the plugin code, of course. I don't see
  that as significantly more likely or dangerous than bugs in other
  plugins or the theme used, in particular not the kind of bugs that
  could result in a security hole.

* There could be bugs in the actual PHP snippets used. This would be a
  real danger if the snippets were large and complicated or poorly
  written and accessible from without. The ones I now used, however,
  are very simple and take no input from outside the server itself.
  (I did think about possible attack vectors. I couldn't come up with
  anything even close as likely as a zero-day in WP core or Apache.)

* As far as I know there're no plans to allow comments or any other
  arbitrary input from unauthorized sources, so even if the snippets
  were buggy they could not be triggered in unplanned contexts by
  attackers. (In general, comments and other free-to-world input forms
  are the primary entry point for vast majority of website attacks.
  Without anything like that security is much easier.)

So I think the risk in case is acceptably small.

And the site isn't in production yet, and this was a quick, easily reversible change.

But of course we could do without the plugin or any other PHP code insertion mechanisms if we want.

Besides the working team / mailing list sync now in place, the other use for the snippets would be member listings and statistics.
If we decide those aren't needed then the problems goes away.

Or we could use some other mechanism for doing those. I can think of a few, generally either more laborious to do or compromises in one way or another. But I've obviously no objection if you want to implement this in a safer way.

--
Tapani Tarvainen
_______________________________________________
E-team mailing list
E-team at lists.ncuc.org
http://lists.ncuc.org/cgi-bin/mailman/listinfo/e-team


More information about the E-team mailing list