Database Reference
In-Depth Information
Table 8-12. Security-sensitive XQuery extension modules
XQuery
extension
module
Security implications of use
Cache module
A user could potentially store a large quantity of information into the cache. This would exhaust the
memory available to the JVM used by eXist and could cause the database to crash.
Counter module
A user could create many counters on disk, filling the available disk space of the server and thereby
potentially crashing eXist or the underlying server.
File module
You have to be a user in the
dba
group in eXist to use the functions in the File module. However, should a
user be able to obtain
dba
privileges, he will be able to read/write anywhere in the filesystem that the
account under which the eXist server is running can read/write. Potentially, he could delete the
.dbx
files
that make up your database, download data or sensitive files, or fill up your server's disk space.
FTP module(s)
The EXPath FTP module could allow a user to retrieve documents from remote sources by URI; you can
reduce or alleviate this risk by using sensible firewall and network settings. This module could also
potentially be used to launch a Denial of Service (DoS) attack against a remote service.
HTTP module(s)
eXist and EXPath HTTP module could allow a user to retrieve documents from remote sources by URI; you
can reduce or alleviate this risk by using sensible firewall and network settings (e.g., forced transparent
proxy). These modules could also potentially be used to launch a DoS attack against a remote service.
JNDI module
A user could potentially gain access to external JNDI sources, depending on how the authentication of the
JNDI sources is configured by the container (e.g., Jetty, Tomcat, etc.).
Mail module
The Mail module could allow a user to send email either via a local
sendmail
or via a remote SMTP host.
This could be used to send SPAM or launch a DoS attack against a remote SMTP server. Consequently, a
local
sendmail
should not be used and remote SMTP servers should be secured appropriately to avoid such
attacks.
Memcached
module
A user could potentially store a large quantity of information into a Memcached instance, which could
affect the stability of that instance and the server on which it resides.
Session module
A user could potentially store a large quantity of information into her session. This would exhaust the
memory available to the JVM used by eXist and could cause the database to crash.
SQL module
A user could potentially open many connections against a remote SQL database, which could affect its
ability to respond and, in effect, cause a DoS attack.
Util module
A user could use the
util:serialize
function to create many files on disk, filling the available disk
space of the server and therefore potentially crashing eXist or the underlying server.
A user could use the
util:wait
function to pause the current database broker for a long period. If this
was done across many connections, the available brokers could rapidly be exhausted, effectively causing a
DoS attack on eXist.
Search WWH ::
Custom Search