On 04/22, Oscar Ibañez via Tech-talk wrote:
> I have been discussing this situation with other people and, as a
> consequence of that, we need to accept that the only real security comes
> from the OS user management system. So, we have made the decision of
> studying the problem from another perspective. It is this: because we cannot
> change the OS user account, we would accept a solution where we could avoid
> accidental manipulations. For example:
>
> Imagine that we have a widget to control the intensity of a beam. That is
> the kind of thing that people are not going to modify continuously and, of
> course, not everybody must change it. So, if a person needs to change it,
> that person has to know a password. Obviously, if that person wants to
> create problems, he/she can always bypass the control using any of your
> proposed alternative mechanisms (i.e: using caput from the command line).
>
> I have seen that there is a method known as "showPasswordDialog()" inside
> ScriptUtil. But it is something that needs to be checked in the Python code.
> Maybe a solution involving a file with password hashes would be
> better. However, it would be pretty easy to hack. Just changing the file
> content.
>
> Any suggestions will be welcomed.

I can't help with Phoebus specifically because I haven't used it, but
based on
https://control-system-studio.readthedocs.io/en/latest/app/display/editor/doc/scripts.html?highlight=scripting
it supports Python 2.7 and JavaScript 1.7 scripting by way of a script
that can be attached to a widget or display, and it says that the script
can call Java code, so you should be good to go.

As far as your password authentication mechanism goes, I
would suggest that you store your passwords salted and hashed
(using a cryptographically-random salt) in a file (e.g.,
/etc/local/phoebus/auth.db). The format of the file could be line
records of the following form:

  <username>:<salt>:<encoded-hash>

You should use a strong and slow hashing algorithm such as bcrypt
or Argon2 (Argon2id). You should do the hash compare using a
length-constant-time algorithm. And you should use an array of chars or
bytes for the password and other things that you can zero out once you
don't need them instead of letting them linger in memory. This is all
overkill, of course, for a system that's not secure anyway.

Lewis
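
An added example, not part of the original message and not Phoebus code, of the `<username>:<salt>:<encoded-hash>` record format and the check described in the reply above. It is stand-alone Python 3; the function names, the base64 field encoding, and the use of the standard library's scrypt in place of bcrypt/Argon2id are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os

# Assumption: scrypt (standard library) stands in for the bcrypt/Argon2id named
# in the thread, which need third-party packages. Cost parameters are assumed.
N, R, P, DKLEN = 2**14, 8, 1, 32

def derive(password, salt):
    """Slow, memory-hard hash of a bytes-like password."""
    return hashlib.scrypt(password, salt=salt, n=N, r=R, p=P, dklen=DKLEN)

def make_record(username, password):
    """Build one '<username>:<salt>:<encoded-hash>' line with a fresh salt."""
    if not username or ":" in username or "\n" in username:
        raise ValueError("username must be non-empty, without ':' or newline")
    salt = os.urandom(16)  # cryptographically random, unique per record
    fields = (salt, derive(password, salt))
    return ":".join([username] + [base64.b64encode(f).decode() for f in fields])

def parse_records(text):
    """Return {username: (salt, hash)}; malformed lines are skipped."""
    table = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) != 3 or not parts[0]:
            continue
        try:
            salt, digest = (base64.b64decode(p, validate=True) for p in parts[1:])
        except ValueError:  # binascii.Error is a ValueError
            continue
        if salt and len(digest) == DKLEN:
            table[parts[0]] = (salt, digest)
    return table

def verify(table, username, password):
    """Check a bytearray password, then zero it so it does not linger."""
    # Unknown users still cost one hash, so timing does not reveal valid names.
    salt, expected = table.get(username, (b"\0" * 16, b"\0" * DKLEN))
    try:
        ok = hmac.compare_digest(derive(password, salt), expected)
    finally:
        for i in range(len(password)):
            password[i] = 0
    return ok and username in table
```

The zeroing clears only the caller's bytearray; copies made inside the interpreter or the hashing library are outside the script's control.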