Crypting UserIdTable

freak007 · 09-19-2005, 11:51 AM

I wanted to ask if it is possible to crypt the UserIdTable file so nobody can see which users are added to the ftp except they have axx to the ftp and to the site users command.

Thanks for any answer to my question.

Best regards

freak007

tuff · 09-19-2005, 12:02 PM

sure, if you create a crypted partition, or a crypted container and run ioftpd from there

freak007 · 09-19-2005, 12:13 PM

no possibility of a script or something ?

Harm · 09-19-2005, 01:32 PM

Why would you need a script to do something that's built into your operating system ? Encrypt the file within windows and make sure that the account used to run ioFTPD can read it.

_panic_ · 09-19-2005, 10:02 PM

Quote:

Originally Posted by freak007

no possibility of a script or something ?

there aren't currently any scripting hooks in ioFTPD to crypt the user table. in theory, one could write a UserModule (see the [Modules] section of ioftpd.ini for a commented out reference to the mythical networkuser.dll file.), but a quick search of the forums doesn't turn up much about how to actually do this.

can someone point me to a script that requires a custom .dll module? or does everything use the internal event handler?

neoxed · 09-20-2005, 12:20 AM

The module system was never really documented, just a few dated (mostly vague) threads. Even if one managed to write a module, encrypting the UserIdTable would end up being more of a nuisance in the long run.

For example, if the user names were encrypted with symmetric cipher you would need an encryption key. This introduces new problems, where will the key be stored? If the key is defined in the ioFTPD.ini, all the intruder has to do is grab the key along with the UserIdTable to decrypt it. Alternatively, you could have ioFTPD prompt you for the key on start-up, but this destroys the purpose of a daemon (a background task that does not require user interaction).

Now, if one took the time to develop a realistic threat model, encrypting user names would be the least of your worries. Think about all the other points of entry and threats (e.g. uneducated and untrustworthy users).

In my opinion, Harm's idea (using NTFSâs encryption and ACL functionality) is probably sufficient.

JoC · 09-20-2005, 03:17 AM

Quote:

Originally Posted by _panic_

can someone point me to a script that requires a custom .dll module? or does everything use the internal event handler?

I think the old ioShareDB used a custom dll but it isnt uploaded on the new site.
http://www.inicom.net/forum/showthre...ghlight=shared

_panic_ · 09-20-2005, 01:34 PM

Quote:

Originally Posted by neoxed

In my opinion, Harm's idea (using NTFSâs encryption and ACL functionality) is probably sufficient.

your point about encrypting the on-disk userfile as being a nuisance (or just futile) are true. i made the mistake of ignoring the advice "just because you can, doesn't mean you should." which does apply in this case.

in fact, you don't even need to attack the encryption itself, as you could use a debugger to watch the calls between ioftpd and the UserModule, which would give you complete access to the information as soon as ioftpd initialized.

regardless, i think the ability to write a UserModule hook, regardless of the utility for this particular case, is good information to have. the example on this thread of ioShareDB being a perfect example of something that would never be in core ioftpd but could still be useful nonetheless.