import java.net.InetAddress;

public class HostnameAuth {

    // Deliberately weak example: trust is based on a DNS name that the
    // server does not control (see the discussion that follows).
    public boolean authByHostname(String clientIP) throws Exception {
        boolean safe = false;
        InetAddress address = InetAddress.getByName(clientIP);
        String hostname = address.getHostName();                  // reverse (PTR) lookup; unused here
        String canonicalHostname = address.getCanonicalHostName(); // reverse lookup, forward-confirmed
        // A bare suffix test also matches names such as "eviltrustedsite.com".
        if (canonicalHostname.endsWith("trustedsite.com")) {
            safe = true;
        }
        return safe;
    }
}
You cannot control external DNS servers. Everything they hold (IP/name mappings, caches, and the registration APIs that feed them) can one day be poisoned or compromised, and traffic can then be routed to attacker-controlled hosts whose IP addresses, names and host attributes are spoofed to look trusted. The reverse (PTR) record for a client address is published by whoever administers that address block, so an attacker connecting from a range they own can name it as they please. Java's getCanonicalHostName() does confirm the reverse name with a forward lookup, but that confirmation succeeds for any domain the attacker has registered, and the bare endsWith("trustedsite.com") test above accepts a name such as eviltrustedsite.com. Simply put: do not trust anything that comes from outside, least of all DNS, and do not base your authentication on these attributes.
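The following Python block is an added example, not code from the page, and it puts the two problems side by side with the fix the text asks for. The first functions mirror the page's suffix check (and its label-boundary bug) and the resolver trust behind it; the reverse-DNS answers are a constructed table standing in for a poisoned resolver or cache, with documentation-range addresses. The second part authenticates the client with something it must prove, an HMAC over a fresh server challenge keyed with a shared secret, so the resolver plays no part. All names (TRUSTED_DOMAIN, POISONED_REVERSE_DNS, the key) are assumptions for the example.

```python
import hashlib
import hmac
import secrets

TRUSTED_DOMAIN = "trustedsite.com"

# Constructed reverse-DNS answers standing in for a resolver (or its cache)
# that an attacker has influenced. Addresses are from documentation ranges.
POISONED_REVERSE_DNS = {
    "203.0.113.7": "gw.trustedsite.com",   # forged: attacker's host wears a trusted name
    "203.0.113.8": "eviltrustedsite.com",  # attacker-owned domain; passes a bare suffix test
    "198.51.100.9": "198.51.100.9",        # no usable PTR: the address itself comes back
}


def hostname_suffix_check(canonical_hostname: str) -> bool:
    """Mirror of the page's endsWith("trustedsite.com") test (label-boundary bug included)."""
    return canonical_hostname.endswith(TRUSTED_DOMAIN)


def hostname_domain_check(canonical_hostname: str) -> bool:
    """Suffix test fixed to respect the label boundary. Still only a name, not a proof."""
    host = canonical_hostname.rstrip(".").lower()
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def auth_by_hostname(client_ip: str, reverse_lookup=POISONED_REVERSE_DNS.get) -> bool:
    """The page's approach: trust whatever name the resolver hands back."""
    canonical = reverse_lookup(client_ip) or client_ip
    return hostname_domain_check(canonical)


# --- Hardened alternative: challenge-response on a shared key, DNS not involved ---

def issue_challenge() -> bytes:
    """Server side: a fresh random nonce for each authentication attempt."""
    return secrets.token_bytes(32)


def client_response(shared_key: bytes, challenge: bytes) -> bytes:
    """Client side: prove possession of the key without transmitting it."""
    return hmac.new(shared_key, challenge, hashlib.sha256).digest()


def auth_by_shared_key(shared_key: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute and compare in constant time.

    A response is bound to its challenge, so a captured response cannot be
    replayed against a later challenge.
    """
    expected = hmac.new(shared_key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    print("suffix bug accepts eviltrustedsite.com:", hostname_suffix_check("eviltrustedsite.com"))
    print("poisoned PTR accepted by hostname auth:", auth_by_hostname("203.0.113.7"))
    key = secrets.token_bytes(32)
    ch = issue_challenge()
    print("shared-key auth:", auth_by_shared_key(key, ch, client_response(key, ch)))
```

Even with the suffix test corrected, auth_by_hostname still accepts the forged 203.0.113.7 entry: the check is only as strong as the resolver that answered. The shared-key variant is the smallest replacement; in practice a client certificate over mutual TLS serves the same purpose.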
Single-factor authentication
The vulnerability code for single-factor authentication is AU05.
Treat two-factor authentication as significantly more secure. Adding a factor certainly increases authentication resilience, but it can cost performance (depending on the number of authentications per second), so the trade-off must be evaluated case by case.
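As an added example of the second factor the passage recommends (Python, not code from the page), here is a time-based one-time password verifier following RFC 4226 (HOTP) and RFC 6238 (TOTP). Beyond generating the code it includes the two checks a deployment needs: a small clock-skew window, and replay rejection so that a code captured in transit cannot be reused within that window. The secret, the times and the last_counter bookkeeping are assumptions for the example; the expected codes in the usage are the published vectors from RFC 6238 Appendix B (8 digits, SHA-1, secret "12345678901234567890").

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 4226: HMAC over the big-endian 64-bit counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6,
         digestmod=hashlib.sha1) -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, int(at_time) // step, digits, digestmod)


def verify_totp(secret: bytes, code: str, at_time: int, last_counter: int = -1,
                window: int = 1, step: int = 30, digits: int = 6, digestmod=hashlib.sha1):
    """Second-factor check. Returns the matched counter, or None if rejected.

    window:       clock-skew tolerance, in steps, on each side of "now".
    last_counter: highest counter already accepted for this user; the caller
                  stores the returned value, so each code is accepted once and
                  a captured code cannot be replayed inside the window.
    """
    # Reject malformed input before the constant-time compare (ASCII digits only).
    if not (isinstance(code, str) and len(code) == digits and code.isascii() and code.isdigit()):
        return None
    base = int(at_time) // step
    for delta in range(-window, window + 1):
        counter = base + delta
        if counter <= last_counter:      # already used (or older than one we accepted)
            continue
        if hmac.compare_digest(hotp(secret, counter, digits, digestmod), code):
            return counter
    return None


if __name__ == "__main__":
    secret = b"12345678901234567890"      # RFC 6238 Appendix B test secret
    print(totp(secret, 59, digits=8))     # 94287082 per the RFC table
    print(verify_totp(secret, "94287082", 89, digits=8))                  # 1: accepted, within window
    print(verify_totp(secret, "94287082", 89, last_counter=1, digits=8))  # None: replay rejected
```

Each login attempt costs 2*window+1 HMAC computations, which is the per-authentication overhead the text warns about; it is small, but it multiplies by the authentication rate, and the last_counter state has to live somewhere shared if the service is replicated.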
Least Privilege Violation
The vulnerability code for Least Privilege Violation is AZ01.
The elevated privilege level required for operations such as chroot() should be dropped immediately after the operation is performed.
Most commonly, this vulnerability is exploited when your service, acting as a Trusted Subsystem, keeps using the elevated privilege level while accessing shared resources: any flaw in the service then executes with those privileges.
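As an added example (Python, not code from the page), the block below shows the drop sequence the passage calls for: do the root-only work (chroot(), plus whatever else needs root), then immediately move the process to an unprivileged uid/gid in the order that works, and verify the drop cannot be undone. The calls go through an injectable object so the sequence can be exercised without root: DryRunOS is a simulation that enforces the two kernel rules that matter here (credential-changing calls need root, and once the saved uid is no longer 0 a return to root is refused); with the default argument the real os module is used, which requires starting as root and an existing jail directory. The path, ids and DryRunOS are assumptions for the example.

```python
import os


class DryRunOS:
    """Simulation of the credential calls, so the sequence can run without root.

    Enforces the rules that matter for the example: chroot/setgroups/setgid need
    root, and once the uid is non-zero (real, effective and saved all changed by
    setuid() as root), setuid(0) is refused.
    """

    def __init__(self):
        self.calls = []
        self.uid = 0

    def geteuid(self):
        return self.uid

    def chroot(self, path):
        self._privileged(("chroot", path))

    def chdir(self, path):
        self.calls.append(("chdir", path))

    def setgroups(self, groups):
        self._privileged(("setgroups", tuple(groups)))

    def setgid(self, gid):
        self._privileged(("setgid", gid))

    def setuid(self, uid):
        if self.uid != 0 and uid != self.uid:
            raise PermissionError("setuid refused: saved uid is no longer 0")
        self.calls.append(("setuid", uid))
        self.uid = uid

    def _privileged(self, call):
        if self.uid != 0:
            raise PermissionError(f"{call[0]} requires root")
        self.calls.append(call)


def run_privileged_then_drop(new_root, uid, gid, privileged_setup=lambda: None, sys_=os):
    """Do the root-only work, then drop to an unprivileged identity at once.

    Order matters: chroot()/chdir() and the setup step need root, so they go
    first; setgroups() and setgid() go before setuid(), because after setuid()
    to a non-root uid they would be refused. Returns True once the drop is
    verified permanent.
    """
    if sys_.geteuid() != 0:
        raise PermissionError("must start as root to chroot() and change ids")
    sys_.chroot(new_root)
    sys_.chdir("/")        # otherwise the cwd still points outside the jail
    privileged_setup()     # e.g. bind a port below 1024, open a root-only file
    sys_.setgroups([])     # drop supplementary groups inherited from root
    sys_.setgid(gid)
    sys_.setuid(uid)       # as root this sets real, effective and saved uid together
    # Verify the drop is permanent: regaining root must now fail.
    try:
        sys_.setuid(0)
    except PermissionError:
        return True
    raise RuntimeError("privilege drop is not permanent: process can still become root")


if __name__ == "__main__":
    sim = DryRunOS()
    print(run_privileged_then_drop("/srv/jail", 1000, 1000, sys_=sim))
    print(sim.calls)
```

The verification step at the end is the part most often skipped: if a framework or an earlier call left the saved uid at 0 (for example by using seteuid() instead of setuid()), the service would still be able to return to root, and the RuntimeError makes that visible at startup rather than after an exploit.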