Android Question RDC - authentication and security

[Harris]

The server config contains the DB user and password. What about accessing the RDC itself? We use the URL to the server to attach (with initialize). Is this secure?
Sure, SQL scripts on the server are a big help.
Should we devise our own method for allowing users on to the RDC before accessing the DB?

Anyone else have concerns?

Thanks

 

[Erel]

It is not possible to read the config file from outside.

We use the URL to the server to attach (with initialize). Is this secure?

What do you mean with secure? Do you want to hide this URL? You cannot. Users can always use a network monitoring tool to see the requests.

 

[warwound]

I think the concern is that anyone could in theory connect to the RDC server and execute write queries.
There's no authentication between client and RDC server.

This could lead to malicious hackers modifying tables or inserting bogus data.

Martin.

 

[Erel]

I think the concern is that anyone could in theory connect to the RDC server and execute write queries.

Note that the queries are set in the server config file. It is not possible to execute other queries.

You will need to implement the authentication process in your app.

You can then download the queries keys from the authentication server instead of hardcoding them in your app. A hacker will not be able to guess the queries keys.

 

[warwound]

Maybe some sort of security could be achieved:

• Create a new table 'auth_keys' with columns 'device_id' and 'auth_key'.
• Create a new command 'get_auth_key' that accepts a single parameter - a unique device id.
  The command returns the 'auth-key' column from 'auth_keys' table if it exists, or creates a new 'auth_key', inserts it into 'auth_keys' table and returns the 'auth_key' to the device.
• All defined write commands (INSERT, UPDATE etc) would have to accept an 'auth_key' parameter.
• All tables used by write commands would have to have an 'auth_key' column created.
• Now a trigger could be created on all tables used by write commands.
  The trigger could execute before the write command is executed, it'd check that the 'auth_key' in the write command exists in the 'auth_keys' table.
  If 'auth_key' exists in the 'auth_keys' table then the write command would be executed, otherwise the write command would not be executed.

That'd add some code and processing overhead to usage of RDC but provide a layer of authentication.

It'd not be entirely hack proof - a determined hacker could monitor network traffic and find the 'auth_key' being used by their device and the write commands being sent.
I'd guess the only way to prevent such hacks would be to use the HTTPS protocol to connect to the RDC server and that'd start to makes things much more complicated.

Martin.

 

[keirS]

Jetty on which RDC is based has Basic authentication built in to it. Perhaps Erel could release a version with it implemented?

 

[Erel]

Adding the basic authentication will not make any difference. If someone is running your app and monitoring the traffic then the authentication headers will be visible together with the link.