[SUGGESTION] Different password/PIN to ACP

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Suggested Hosts
MNA
Registered User
Posts: 12
Joined: Sun Apr 20, 2008 3:45 pm

[SUGGESTION] Different password/PIN to ACP

Post by MNA »

Hi!

I use phpBB for many years and I would like to give you, phpBB developers, a security-related suggestion that you could implement in next phpBB releases.

As we all know, the Administrator of the board has one account for administration and discussion pruposes. It's not good, because when someone steal password while admin is logging in, he can destroy entire forum (I assume that admin is logging only to discuss, not to manage forum).

Of course, there are workarounds of this problem, like using two accounts (one for administering and one for discussion), deny access to /acp/ folder for foregin IPs etc.


But I would like to suggest something new:
- differrent password to ACP
OR
- PIN code for administrator

1) Different password
It would work like this: after admin has successfully been logged into forum, he can post new messages, create new topics etc. (like normal user). But when he will try to get into ACP, he will be requested to login again, but with different, earlier set (I mean: while he was creating forum) password.

2) PIN code
Like as above, but password would remain the same. However, there will be another text box to enter his PIN code (for ex. 8 digits, generated automatically while he registered) without which he will be unable to access ACP.


Please consider my proposition, I believe that it could be a good security echancement.


Greetings
MNA
User avatar
nuckfan15
Registered User
Posts: 1849
Joined: Fri Jul 09, 2004 4:46 am
Location: Vancouver, BC
Name: Travis

Re: [SUGGESTION] Different password/PIN to ACP

Post by nuckfan15 »

I have read your post. While your suggestions may very well make things secure by a small margin. Don't you think one secure password would do the same?

One password such as WagUca89 would be more secure then two passwords such as password and 1989. No administrator should have an easy to guess ( or hash ) password. It is also typically better to use multiple passwords with alot of characters rather then one universal password for your accounts. One difficult password on an admin account in phpBB is all you need.

It's up to you in the end; however.

BTW if your really interested in securing your board more....

http://www.phpbb.com/customise/db/mod/s ... user_name/
Travis aka Nuckfan15 - No Private Support
Make use of the Support Request Template when seeking support.
Oleg
Former Team Member
Posts: 1221
Joined: Sat Jan 30, 2010 4:42 pm
Location: NYC
Contact:

Re: [SUGGESTION] Different password/PIN to ACP

Post by Oleg »

MNA wrote: when someone steal password while admin is logging in
What would prevent that person from stealing password and pin or another password while admin is logging in to admincp?
Participate in phpBB development: Get involved | Issue tracker | Report a bug | Development board | [url=irc://chat.freenode.net/phpbb-dev]Development IRC chat[/url]
My stuff: mindlinkgame.com
User avatar
tbackoff
Former Team Member
Posts: 7064
Joined: Thu Jun 04, 2009 1:41 am
Location: cheerleading practice
Name: Tabitha Backoff

Re: [SUGGESTION] Different password/PIN to ACP

Post by tbackoff »

I would like to chime in too. phpBB has been through a paid security audit. If an administrator (as stated above) is using an insecure password, he or she shouldn't be an administratior at all.

By the way, a secure password (at least in my mind) is something along the lines of i!H0nd@&#U ;)
Flying is the second best thrill to cheerleaders; being caught is the first.
User avatar
nuckfan15
Registered User
Posts: 1849
Joined: Fri Jul 09, 2004 4:46 am
Location: Vancouver, BC
Name: Travis

Re: [SUGGESTION] Different password/PIN to ACP

Post by nuckfan15 »

t_backoff wrote:I would like to chime in too. phpBB has been through a paid security audit. If an administrator (as stated above) is using an insecure password, he or she shouldn't be an administratior at all.

By the way, a secure password (at least in my mind) is something along the lines of i!H0nd@&#U ;)
http://strongpasswordgenerator.com/ ;) Plenty of websites that make it easy enough to have a decent password. I don't like using symbols either, some websites prefer that you don't.
Travis aka Nuckfan15 - No Private Support
Make use of the Support Request Template when seeking support.
Desdenova
Registered User
Posts: 646
Joined: Sat Feb 23, 2008 7:25 pm

Re: [SUGGESTION] Different password/PIN to ACP

Post by Desdenova »

I believe that having the option to set an "admin password" would be a great feature, so long as it is kept an option and not the default. :)
nuckfan15 wrote:I have read your post. While your suggestions may very well make things secure by a small margin. Don't you think one secure password would do the same?
This is actually a debate that goes on in the Linux world all the time, normally known as "sudo versus su". Here's an article on it, there's a bunch of comments on the pros and cons of each.
http://www.tuxmagazine.com/node/1000148




For the record, I have both sudo and su set up on my Linux installation, however sudo is setup to ask for root's password.
User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29278
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Re: [SUGGESTION] Different password/PIN to ACP

Post by Marshalrusty »

Desdenova wrote:I believe that having the option to set an "admin password" would be a great feature, so long as it is kept an option and not the default. :)
nuckfan15 wrote:I have read your post. While your suggestions may very well make things secure by a small margin. Don't you think one secure password would do the same?
This is actually a debate that goes on in the Linux world all the time, normally known as "sudo versus su". Here's an article on it, there's a bunch of comments on the pros and cons of each.
http://www.tuxmagazine.com/node/1000148
While the article's content is valid (for maximum safety, using sudo is better than logging in as root), it is not at all the same thing being brought up here.

What nn- is pointing out (and he is quite correct, of course) is that the real problem in the scenario is that someone managed to get the administrator's password. How did they do that? Is there a vulnerability in the software that allows them to intercept passwords? Is there malware on the admin's PC? Has the network connection been compromised? All of these cases would result in the attacker stealing the separate admin password as well. So how would it protect you anymore than the standard password?

As the root user, anything you run can seriously damage the system. That's why you don't want to run things as root; it has nothing to do with someone stealing your password. If someone can intercept your *nix user's password, the same question applies: how did they do it and what would prevent them from getting the password when you enter it (whether it's due to su or sudo).
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs
MNA
Registered User
Posts: 12
Joined: Sun Apr 20, 2008 3:45 pm

Re: [SUGGESTION] Different password/PIN to ACP

Post by MNA »

Hi guys, thank you for your interests.


You did not understand me at all. I know that admin should have strong password etc etc etc.


BUT I'm talking about situation when Administrator would login only for discussion pruposes, without access to ACP (for example: on public computer). In my case, I have restricted access to /acp/ folder only to some IPs on my HTTP server, so I can safely login to forum from foregin computer.

Again: I'm talking only about additional admin authentication only when he is trying to access ACP. You have to admit, that when Admin would only talk or check some posts on forum, access to ACP is completly unnecessary. So, if someone steal his password in such situation, he will be only able to post or delete admin posts without possibility to damage forum, so admin can feel safer while he logging in.


I believe now it's clear :)



PS nuckfan15, thank you for that link!
User avatar
bantu
3.0 Release Manager
3.0 Release Manager
Posts: 2523
Joined: Mon Jul 10, 2006 9:58 pm
Name: Andreas Fischer

Re: [SUGGESTION] Different password/PIN to ACP

Post by bantu »

If you need another layer of authentication, why not use something another layer already provides - like .htaccess/.htpasswd?
Powered by Coffee
MNA
Registered User
Posts: 12
Joined: Sun Apr 20, 2008 3:45 pm

Re: [SUGGESTION] Different password/PIN to ACP

Post by MNA »

Yes, I have something like this.


But I am in good situation, because I've got access to server's shell, not everyone has that possibility, so let's help them.
User avatar
tbackoff
Former Team Member
Posts: 7064
Joined: Thu Jun 04, 2009 1:41 am
Location: cheerleading practice
Name: Tabitha Backoff

Re: [SUGGESTION] Different password/PIN to ACP

Post by tbackoff »

nuckfan15 wrote:Plenty of websites that make it easy enough to have a decent password
The "password" I posted is something random (actually, its a makes-no-sense sentence). It's substituting numbers / symbols for letters.
nuckfan15 wrote:I don't like using symbols either, some websites prefer that you don't.
May I inquire as to why you dont like usnig them? Also, can you provide a few of those sites? I'd like to read their FAQ or some other document that states why they prefer you don't.

Let me make one thing clear; I have no problem with features that make a system or peice of software secure. As Marshalrusty pointed out, there are numerous scenarios in which an attacker can gain access to that second password. Could this second password feature be useful for some? Sure, but again, the website is only as secure as the administrator makes it (going backto my "if they are using an insecure password" arguement).
Flying is the second best thrill to cheerleaders; being caught is the first.
User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29278
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Re: [SUGGESTION] Different password/PIN to ACP

Post by Marshalrusty »

t_backoff wrote:May I inquire as to why you dont like usnig them? Also, can you provide a few of those sites? I'd like to read their FAQ or some other document that states why they prefer you don't.
American Express's website limits you to 8 alphanumeric characters. I've asked them before what they could possibly be thinking, but received no response.

MNA wrote:BUT I'm talking about situation when Administrator would login only for discussion pruposes, without access to ACP (for example: on public computer). In my case, I have restricted access to /acp/ folder only to some IPs on my HTTP server, so I can safely login to forum from foregin computer.

Again: I'm talking only about additional admin authentication only when he is trying to access ACP. You have to admit, that when Admin would only talk or check some posts on forum, access to ACP is completly unnecessary. So, if someone steal his password in such situation, he will be only able to post or delete admin posts without possibility to damage forum, so admin can feel safer while he logging in.
Keep in mind that even without access to the ACP, someone can delete every post on the board through the MCP. The only argument left is that it would prevent someone from getting a backup of the database.

Don't get me wrong, I'm all for added security, just not necessarily via adding a bunch of authentication layers.
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs
MNA
Registered User
Posts: 12
Joined: Sun Apr 20, 2008 3:45 pm

Re: [SUGGESTION] Different password/PIN to ACP

Post by MNA »

Keep in mind that even without access to the ACP, someone can delete every post on the board through the MCP.
But he must be in 'Global moderators' group first ;)
User avatar
tbackoff
Former Team Member
Posts: 7064
Joined: Thu Jun 04, 2009 1:41 am
Location: cheerleading practice
Name: Tabitha Backoff

Re: [SUGGESTION] Different password/PIN to ACP

Post by tbackoff »

OK, then to gain access to the ACP, that person must be in the 'Administrators' group first. ;)
Flying is the second best thrill to cheerleaders; being caught is the first.
Desdenova
Registered User
Posts: 646
Joined: Sat Feb 23, 2008 7:25 pm

Re: [SUGGESTION] Different password/PIN to ACP

Post by Desdenova »

Marshalrusty wrote:While the article's content is valid (for maximum safety, using sudo is better than logging in as root), it is not at all the same thing being brought up here.
Bzzzt, wrong. :roll:

The similarities between both are quite obvious (and also, you shouldn't be presenting your opinion as die-hard fact).
Post Reply

Return to “phpBB Discussion”