NuSphere Forums Forum Index
NuSphere Forums
Reply to topic
DBG in a virtual server/ISP environment...


Joined: 08 Sep 2004
Posts: 2
Reply with quote
Is it possible to setup DBG to require a user to login for each DBG session? I am trying to figure out if this module is safe to add to a public linux based ISP virtual server (with about 100 users). I would like to set it up so each user can connect to debug scripts that they have access to without being able to debug other users scripts. Also, I need to be sure that non-users (or at least people without login info) don't have access to debug anything.

-Shaun
View user's profileFind all posts by shauncoSend private message
Site Admin

Joined: 13 Jul 2003
Posts: 8344
Reply with quote
Quote:
Is it possible to setup DBG to require a user to login for each DBG session?

with ssh tunneling you can require users to enter their passwords before they can start debugging. Firewall should be configured accordingly to let dbg module to connect to locally (127.0.0.1) running daemons only. Each user should be assigned with his own TCP port number.
PHPED/settings->debugger tab should be set hostname -> localhost, port -> any suitable, ssh client with appropriate socket forwarding (-R).
Read FAQ for further details.

Quote:
I am trying to figure out if this module is safe to add to a public linux based ISP virtual server (with about 100 users).

It can be considered safe if you use ssh tunelling.

Quote:
I would like to set it up so each user can connect to debug scripts that they have access to without being able to debug other users scripts.

Actually if you run virtual hosts (apache children) under corresponding user accounts and their htdocs have appropriate permissions, you have no risk if unauthorized people can debug scripts while they work with their own virtual host.
BTW, you're welcome at http://www.nusphere.com/contact_us/ if you have some thoughts about how to implement appropriate schema securely. At least we can discuss possible ways.
View user's profileFind all posts by dmitriSend private messageVisit poster's website


Joined: 08 Sep 2004
Posts: 2
Reply with quote
My ISP says that this seems like a hack... and I would agree. What is to keep other [local] users from compromising the system. DBG is a great tool, but I think some serious consideration needs to be put in to securing it.

-Shaun
View user's profileFind all posts by shauncoSend private message
DBG in a virtual server/ISP environment...
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT - 5 Hours  
Page 1 of 1  

  
  
 Reply to topic