
Autoupdate and security.


robdon

Programmer
May 21, 2001
Hi,

I am coding an AutoUpdate feature into my application that downloads and updates my application automatically.

Basically, every time my app starts it checks a web address and downloads a text file that lists the current version for download and all the files that need to be downloaded and which one to run first to install it.

If the web current version is greater than the installed app, then it downloads the listed files to a temp dir and then executes the flagged file to install.

Is this an 'OK' way of doing things???

I'm a bit worried that if my web site got hacked and someone managed to figure it all out they could plant some virus files in the download dir, and then anyone running my app will download them and run them.

Or is that a bit paranoid??

I thought of encrypting the first text file that instructs my app what to download and install, to make it harder to attack.

Thanks for any opinions,

Rob D.
 
Just some thoughts of mine.

Well you would certainly want to go for some kind of encryption and authentication for the very reasons you state. Accepting a binary in clear text from just anywhere is an open door.

Look into various challenge response schemes which attempt to authenticate the other end. Ensure that whatever random element you choose does not repeat itself, since this potentially allows for replay attacks.

And of course encrypt the actual binary file you download with a good publicly available algorithm.

Generate keys on a secure non-networked machine which is only accessible on a need to know basis.

> I'm a bit worried that if my web site got hacked and
Run the update server on a dedicated machine stripped of absolutely everything which is non-essential to the task at hand. Each non essential service is a potential route into the system, so the fewer you have the better. This includes stripping out all non-essential 'guest' type accounts as well. If possible, set 'root' to be only accessible from the system console (the keyboard/monitor physically attached to the machine). You don't want any kind of remote admin, however tempting that may seem to you.

My suggestion would be some kind of Linux / BSD box set up as follows:
- all programs, and your download data, on a read-only file system. Should they manage to get in, it will be much more difficult to actually change anything if the filesystem is read-only.
- all permanent log files set to append-only, which should make it more difficult to cover tracks should they get in.
- all temporary files in a RAM file system (if you have plenty of RAM to hand), or if they are on disk, then it should be routinely wiped at every reboot.

--
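The update flow described in the original post (fetch a manifest, compare versions, download the listed files, run the flagged installer) and the reply's advice on authenticating the other end, guarding against replay, and keeping keys on an offline machine can be tied together in a small client-side check. The following Go program is an added example, not code from either poster. It uses a signed manifest rather than encryption as the authentication step: the manifest carries the version, the file list and a SHA-256 digest per file; it is signed with an Ed25519 key that stays on the release machine, and the application ships only the public key. Replay of an older, still validly signed manifest is refused by requiring the version to be strictly greater than the installed one. The manifest layout, the `setup.exe` name and the installer bytes are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest models the "text file" the original post describes: the current
// version, the files to download with their expected digests, and which one
// to run first to install the update. (Layout constructed for this example.)
type Manifest struct {
	Version int        `json:"version"`
	Files   []FileSpec `json:"files"`
	Run     string     `json:"run"`
}

// FileSpec pins each downloadable file to a hex SHA-256 digest.
type FileSpec struct {
	Name   string `json:"name"`
	SHA256 string `json:"sha256"`
}

// SignedManifest is what the web server hosts: the manifest bytes plus an
// Ed25519 signature produced by the offline release key.
type SignedManifest struct {
	Manifest  []byte `json:"manifest"`
	Signature []byte `json:"signature"`
}

var (
	ErrBadSignature   = errors.New("manifest signature invalid")
	ErrNotNewer       = errors.New("manifest version not newer than installed")
	ErrDigestMismatch = errors.New("downloaded file digest does not match manifest")
)

// NewReleaseKey generates the release key pair. The private half belongs on
// the non-networked signing machine; only the public half ships in the app.
func NewReleaseKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Digest returns the hex SHA-256 of a file; used when building the manifest
// on the release machine and again on the client after download.
func Digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// SignManifest runs on the release machine: serialize the manifest and sign
// the exact bytes the client will later verify.
func SignManifest(priv ed25519.PrivateKey, m Manifest) (SignedManifest, error) {
	b, err := json.Marshal(m)
	if err != nil {
		return SignedManifest{}, err
	}
	return SignedManifest{Manifest: b, Signature: ed25519.Sign(priv, b)}, nil
}

// VerifyManifest is the client-side check run at startup. It rejects any
// manifest whose signature does not verify under the embedded public key, and
// any manifest whose version is not strictly greater than the installed one,
// so a captured older (still validly signed) manifest cannot be replayed to
// downgrade the application.
func VerifyManifest(pub ed25519.PublicKey, sm SignedManifest, installed int) (Manifest, error) {
	if !ed25519.Verify(pub, sm.Manifest, sm.Signature) {
		return Manifest{}, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(sm.Manifest, &m); err != nil {
		return Manifest{}, err
	}
	if m.Version <= installed {
		return Manifest{}, ErrNotNewer
	}
	return m, nil
}

// VerifyDownload compares a fetched file against the digest pinned in the
// signed manifest. Only files that pass may be written to the temp directory
// and executed; a swapped file on a compromised web server fails here.
func VerifyDownload(spec FileSpec, data []byte) error {
	if Digest(data) != spec.SHA256 {
		return ErrDigestMismatch
	}
	return nil
}

func main() {
	pub, priv, _ := NewReleaseKey()
	installer := []byte("constructed stand-in for setup.exe") // constructed sample file
	m := Manifest{Version: 2, Files: []FileSpec{{Name: "setup.exe", SHA256: Digest(installer)}}, Run: "setup.exe"}
	sm, _ := SignManifest(priv, m)

	got, err := VerifyManifest(pub, sm, 1) // installed version 1, manifest offers 2
	fmt.Println("manifest:", err, "run:", got.Run)
	fmt.Println("good file:", VerifyDownload(got.Files[0], installer))
	fmt.Println("swapped file:", VerifyDownload(got.Files[0], []byte("not the installer")))
}
```

Because the digests live inside the signed manifest, an attacker who can only write to the web server's download directory cannot substitute a file without also forging the signature, and the private key needed for that never touches the server. The version comparison is the replay defence the reply alludes to: the client keeps its own installed version as state and will not accept a manifest that does not move it forward.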
 