There probably is some solution to this, whether it involves code running on just the wordpress installation or a combination of a wordpress installation and a master server I am not sure yet, but please remember not to have tunnel vision and consider any and all possible solutions:
The scenario is this: A WordPress plugin (plugin-A) that manages some sort of valuable data (something that the admin would not want stolen), lets say, lead data with user's name and email addresses, the plugin uses its own db tables.
Other than the obvious (which is the admin installing plugin-B, not knowing its malicious intent), what is to prevent another WordPress plugin (plugin-B) from accessing plugin-A data or hacking plugin-A files to circumvent security.
Trouble is, you'll be trying to protect the system from something that is running within it - the very nature of a WordPress plugin is that it has;
Database name, username and password, along with...
An active database connnection, with which it could easily query to find all tables and their structures, no matter how obscure
It is running inside the WordPress script, and has access to all globals, functions and classes
If the data you're working with is that sensitive, or you simply don't want to run the risk, don't allow plugins (at least not without checking the source code first).
Related
I wrote an app for my customer in Symfony2 and we went public with that. However, I am learning right now that he had a separate Wordpress app within previous server to manage some separate product.
Now, he asks that we transfer that WP app on a new server. Being all security in mind, I cannot feel but nervous about potential impact here. I am to have the following URL setup:
www.myclientapp.com
www.myclientapp.com/some-wp
What are my options here? I can think of some, but any suggestion would be helpful.
Buy separate shared hosting and put WP there. Then do redirection from our website.
My VPS server runs with nginx and php-fpm. Can I utilize separate pools which would run under different user. I would need to review access privileges to Symfony's files.
In any case I would allocate separate mysql user and database. Those wold be enforced by strict privileges which prohibit access to my primary database.
Can you guys think of anything else?
My primary goal is: If WP is vulnerable, let it be. Under no circumstances I would allow it to compromise my Symfony2 app. I am primarily concerned about configuration files (app/config/*.yml) which contain sensitive data.
I will recommend that you use something like a sub-domain eg wp.symfony.com.
They may still be hosted on the same server, but using different virtual host directories.
With that, the apps will never see each other.
A way is running symfony under a different php-fpm user than the WP website and make sure the file/directory rights are set correctly. Then a WP exploit cannot write/read to the symfony files depending on the directory/file rights.
A better way is to use the php config open_basedir and isolate the two sites into their own "jails" this way PHP prevents including/reading files from other websites. See http://php.net/manual/en/ini.core.php#ini.open-basedir for more information.
For this to work the code should be separated into different directories, you can use nginx aliases or virtualhosts to point the domainname to the correct directory.
I'm developing a Wordpress plugin that requires API credentials for Facebook.
Ordinarily I'd advise the users of the plug-in to sign up for their own API keys and allow them to be entered as plug-in options, however this plug-in requires extended permissions. Which as I'm currently in the process of finding out are an absolute ball-ache to get, take up-to 7 businesses days to have reviewed and the reviewers don't actually read the requested instructions on how the application is being used.
Can I write a plugin that is basically a wrapper around my hosted version of the code, this way I can allow users of the plugin the benefits of the extended permissions without giving away my APP ID and APP SECRET
Thinking something like...
require_once("https://www.myplugin.com/FacebookPlugin.php");
Here's the obvious problem, this wouldn't work for hosted versions of Wordpress as they don't have access to plug-ins anyway and I believe it would require the owner to allow remote file inclusion, which is putting a lot of trust in me as the host of the remote file not to execute nasty scripts on their server.
So how do I offer the functionality of my plugin to other users?
I think this question is closely related to this question.
I do not think there's more you can do, except still having your separate server which can be triggered using HttpRequest::send from within the plugin, and ship encrypted Keys from there each time somebody is accessing your plugin.
Might be a performance-Killing approach, though, especially if your server is not that fast.
I've been working on a site (for my company) to allow selected data center users to remotely access a scheduling calendar and some pages offering information on the various servers they are coming to the site to access--on a separate site. Initially, I was under the impression that I'd be creating a database and registration page to add, authorize or track end users. My initial project coding has been a combination of HTML, PHP, CSS, and MySQL and Apache for the database side. Now I've been told that we will be using AD, tied into our company's official Active Directory, so that users can use the same IDs and passwords that they've already had approved by our company.
My question is (hopefully) simple. Is there a certain web programming language that I should use in creating the pages that works better with Active Directory than others?
If you are comfortable with PHP, you should be able to achieve the above no problem!
The beauty of PHP is that someone somewhere along the line had the same problem as you so chances are, there's an established solution already.
adLdap seems to be a good solution, a library that already does most of the hard work for you and all you'd need to do would be integrate it into your script!
See: http://adldap.sourceforge.net/wiki/doku.php?id=documentation_user_functions
Hopefully this can make it a little easier for you so you can concentrate on the other things like the actual functionality of the website itself.
I am tasked with writing a relatively small and simple PHP web app which will use a small database. Authentication for this will be through randomly generated hex keys in the query string which are generated by an administration page and emailed to desired users.
This is all fine so far, but here's the catch:
For various political reasons, we are forced to make this app a Moodle module. I can use the Moodle database in MySQL, but I will be working with my own tables which do not interact with Moodle, and Moodle will not interact with my tables. I must also to use the Moodle database abstraction rather than direct PHP->MySQL access.
I do not want my users to know they are operating within Moodle. They shouldn't need to log in to Moodle to access my web app, and they probably won't have access to Moodle anyway. Those users who do have access to Moodle shouldn't see this web app in their list of Moodle functions.
I've thrown together a few small PHP pages, included some Moodle libs, and placed the code in the moodle/mods directory. Accessing the PHP pages on the server with the URLs directly result in a Moodle error, since I'm not accessing the module through proper channels. I get the "Incorrect access detected" error.
Is what I'm tasked to do even possible? If so, how is the best way to accomplish it? Do I need to write an authentication module and then an activity module? Is there any way to bypass all of Moodle's authentication and simply use the database abstraction without editing the core Moodle configuration files? (I know it's possible by modifying the Moodle code, but that is sadly not an option).
I have plenty of PHP experience, but I only have about 4 hours of Moodle experience and I'm getting nowhere fast.
It sounds to me that you might be trying to access the script while coming in from a host other than what poodle has specified in its config file. You could try dumping you http_host and noodles wwwroot to see if the line up. I'm less familiar with 2 than 1.9 but you might be able to define abort_after_config then include config then change the cfg wwwroot then define abort_after_config_cancel then include setup. Otherwise you could spoof the host otherwise you can delete the check in Tue lib/setup.pup file
Not sure quite what you are trying to achieve here but any of the following may work.
(1) If you have a stand-alone platform you want delivered within an LMS framework then you might offer a counter proposal of developing it in your preferred environment but wrapping it in LTI. Moodle can then deliver it via the External Tool plugin and you can get two-way communications between the two for authentication and tracking.
(2) Doing it in Moodle
Create an authentication with a login_hook and make sure this is is moved to the top of the authentication plugins list so that it is checked first before the others. Use the hook to process the hex key (as GET or POST parameter) or take you to an alternate process and return true (or create session). You could also use the 'alternative login page' in the authentication settings alongside this plugin hook. This should take of authentication.
If enrolment is not an issue then create your plugin as a local plugin (not mod) and use the above hook to redirect to this page after login. This gives you a bit more flexibility in the libraries you use and you can still use front-page enrolments if necessary as a workaround. If you really need enrolments, course roles, and gradebook then use a mod to leverage these. There is a single activity course format in the latest Moodle that gives you a format to run just your bespoke activity on its own.
Finally develop your own layout type in the theme for the local plugin if using that or for the course and incourse layouts if using courses so that you can control what of the standard Moodle navigation and structure you want.
If the plugin is sharing a Moodle already being used for other activities then you'll need to be sensitive to this. If you're just running your own thing then it will be much easier.
(3) Use Web Services to get what you want from Moodle in your own App.
I have the newest wordpress installed in "example.com".
If I create the folder "example.com/my-app/" and there run index.php which fetches data from mysql, but not from the wordpress database (different user, different db), is there a security issue?
And if someone hacks into my wordpress account can they read the php files in "my-app/"?
If I create the folder "example.com/my-app/" and there run index.php which fetches data from mysql, but not from the wordpress database (different user, different db), is there a security issue?
Not as such, no.
And if someone hacks into my wordpress account can they read the php files in "my-app/"?
I think so. As far as I know, in the default setting, Wordpress does not offer the possibility of entering PHP code that gets executed, but there are plugins for that, e.g. Exec-PHP.
Seeing as an administrator can install such a plugin (or simply write one themselves) you have to assume that it is in fact possible to read and write PHP files from within Wordpress if somebody gains access to the administrator account.