[Sugar-devel] Schoolserver security

Martin Langhoff martin.langhoff at gmail.com
Tue Jul 6 13:09:33 EDT 2010


On Sat, Jul 3, 2010 at 8:09 AM, Bernie Innocenti <bernie at codewiz.org> wrote:
> On Thu, 01-07-2010 at 20:55 -0600, Daniel Drake wrote:
>> Child connects to a network, perhaps just to go online outside of
>> school. The network has an XS. The laptop registers. The journal is
>> backed up to the server.
>
> Ok, this is a serious security issue.

Ho hum. Remove the "serious" and I'll agree. Low pri at the moment.

> How about asking the user to confirm registration to an unknown server,
> like ssh does? For slightly improved security, we could hash the ssh
> fingerprint to a color pair, so the teacher could say "your schoolserver
> is blue and red, don't register to any other".

Nope. It'd be easy to "brute force" ("gentle force"?) to get the
appropriate colours. As you've already figured out, asking a 6-y-o to
check an ssh fingerprint is not the fix either...

A real fix is to upgrade the reg protocol to be signed -- we can copy
the OAT protocol, and use/reuse the OAT keys.

To be "secure" then, the XS needs to have a valid OAT delegation.

> plenty of scary webapps.

*You* are a scary webapp ;-)

In more serious terms, I hope you can tone down the level of scare
about security. For starters: We don't handle bank acct or CC info.
And we don't require users to login to their own user sessions.

cheers,



m
-- 
 martin.langhoff at gmail.com
 martin at laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
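
Added example, not part of the original message or of any OLPC/Sugar code: a rough measurement of how little of a key fingerprint survives when it is reduced to a colour pair, which is the weakness raised in the reply above. The 16-colour palette, the `colour_pair` mapping and the random fingerprints are assumptions constructed for illustration.

```python
import hashlib
import math
import random

PALETTE = 16  # assumption: colours a child can reliably tell apart


def colour_pair(fingerprint, palette=PALETTE):
    """Hypothetical mapping from a key fingerprint to an ordered colour pair."""
    digest = hashlib.sha256(fingerprint).digest()
    return digest[0] % palette, digest[1] % palette


def retained_bits(palette=PALETTE):
    """Bits of the fingerprint that survive the mapping."""
    return math.log2(palette * palette)


def keys_until_match(target, rng, palette=PALETTE, limit=1_000_000):
    """Number of unrelated random fingerprints drawn before one shows the
    same pair as `target`. Fingerprints here are constructed random bytes."""
    for attempt in range(1, limit + 1):
        candidate = rng.getrandbits(256).to_bytes(32, "big")
        if colour_pair(candidate, palette) == target:
            return attempt
    raise RuntimeError("no match within limit")


def mean_trials(runs=200, seed=2010, palette=PALETTE):
    """Average draws needed over several constructed 'school server' keys."""
    rng = random.Random(seed)
    total = 0
    for _ in range(runs):
        school = rng.getrandbits(256).to_bytes(32, "big")
        total += keys_until_match(colour_pair(school, palette), rng, palette)
    return total / runs


if __name__ == "__main__":
    print(f"colour pair keeps {retained_bits():.0f} bits of a 256-bit fingerprint")
    print(f"mean keys until same pair: {mean_trials():.0f} (expected ~{PALETTE**2})")
```

With these assumptions the pair carries 8 bits, so a few hundred unrelated keys are enough for one to display the same colours; a signed registration does not depend on the user comparing anything.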

