Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
2.4k views
in Technique[技术] by (71.8m points)

node.js - Prevent Server Side attack from modifying code and accessing passwords from memory via print statments

Most applications with sound security standards hash passwords in databases such that the plaintext password may not be deduced given the hacker is granted access to the server's database. However, given an attacker is granted admin privileges to a server, wouldn't he be able to:

  1. Halt the program being executed.
  2. Inject a print statement into the source code of the program in locales where passwords obtained via HTTPS requests are temporarily stored in memory.
  3. Restart the program - upon input of sensitive information from clients, sensitive (un-hashed) information will now be printed to the console.

Hence given an attacker has been granted access to my server, wouldn't it follow that he may now extract sensitive information given such technique? Are there any widespread security protocols to prevent this? Would it help to compile the code on the production server and keep the source code secure on a different machine?


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)
等待大神解答

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...