I have commented in the past on the generally low security level of Microsoft ASP.Net web applications which stems from the closed Microsoft monoculture and a product strategy that prioritizes ease of use over security and privacy by hiding features and functionality from the user.
In the course of a security audit/penetration test of a social networking Web site this week that was developed and deployed on Ubuntu, I was reminded yet again that we all have something to learn. Even Linux geeks.
A common Web 2.0 rich Web application system deployment involves a Web server running php and postfix for delivery of email notifications to Web site members. There are 4 key system requirements for such a deployment:
- A. Deploy as a null client, i.e as a machine that receives no mail from the network, and does not deliver any mail locally. This is a hugely important requirement to not turning your Web server into a launchpad for spammers.
- B. Rewrite the default Apache www-data@domain with something more meaningful like
firstname.lastname@example.org without changing PHP code. This is both a usability issue and a security issue, since it is a bad idea to advertise the fact that your Web site operations are clueless to the point of not knowing how to change default LAMP settings.
- C. Provide a human-readable From: in the header so that the users of your great Web 2.0 social media app will see real names instead of your domain. This is definitely a usability issue unrelated to security.
- D. Mask the email addresses of your users so that you don’t disclose personal information. This is a basic data security and privacy requirement.