Name
|
Manipulating Writeable Configuration Files
|
Summary
|
Generally these are manually edited files that are not in the purview of the system administrators. Any ability on the attacker's behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same access that authorized users have.
|
Prerequisites
|
Configuration files must be modifiable by the attacker.
|
Solutions
|
Design: Enforce the principle of least privilege.
Design: Keep backup copies of all configuration files.
Implementation: Integrity monitoring for configuration files.
Implementation: Enforce audit logging on code and configuration promotion procedures.
Implementation: Load configuration from a separate process and memory space, for example a separate physical device like a CD.
|