Digital Educational Technologies
St. Cyril and St. Methodius University of Veliko Tarnovo - University Press

On a security breach scenario for e-learning systems and cloud-based collaborative information systems when publishing content on web servers


Authors:
Веселина Гагъмова, Rakovski National Defence College
Виолета Василева, University of Library Studies and Information Technologies

Pages: 40-47

Abstract:


The authors present research on technologies in which a potential vulnerability arises when information is published on web sites hosted on the servers of e-learning systems and cloud-based collaborative information systems. They also examine a threat process in which a file that is ready to be published is stolen or substituted. A potential threat to website security arising from publishing information using the HTTP protocol (Hypertext Transfer Protocol) and an HTML (HyperText Markup Language) publishing form is analyzed. In the scenario under consideration, publishing is done via HTTP; FTP (File Transfer Protocol) is assumed to be disabled for security reasons. The potential threat is the theft and/or replacement of the file that is prepared for publication. Although the web server may already be protected by disallowing FTP, the original file being posted may in fact be forwarded to a completely different directory or web address, and may be replaced with another file. This is made possible by a specific parameter in the HTML form for publishing the file, namely the field containing the name of the file, and it relies on the fact that the file prepared for publication is stored in the server's temporary directory. The existing vulnerability could be used to carry out an attack, for example when the screen of a test in a distance learning system is generated. The result of the attack would appear at the moment a test is displayed that is actually invalid, i.e. it is pre-prepared and known and replaces the actual test set by the teacher. As a solution, a special procedure in the form of PHP program code is proposed that checks the file being published for errors. The proposal is motivated by the need to reduce potential security risks when uploading files to web servers.
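
One way to write the kind of server-side check the abstract points to, given here as an added example (it is not the authors' procedure and not code from the paper): the handler treats both the form's file-name field and the temporary path as untrusted. The form field name `document`, the function `publish_upload()`, the target directory, the size limit and the allowed types are assumptions; it needs PHP 7 or later with the fileinfo extension.

```php
<?php
// Added example, not the paper's code. Hypothetical names: UPLOAD_DIR,
// the "document" form field, publish_upload().
const UPLOAD_DIR = '/var/www/published';   // assumed publish directory
const MAX_BYTES  = 2 * 1024 * 1024;        // assumed size limit (2 MiB)
const ALLOWED    = ['application/pdf' => 'pdf', 'image/png' => 'png'];

function publish_upload(array $file): string
{
    // 1. PHP's own upload status: reject failed, partial or malformed uploads.
    if (!isset($file['error'], $file['tmp_name']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or request is malformed');
    }
    // 2. The temporary path must be one PHP created for this HTTP POST,
    //    not a path smuggled in through a form field.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not a genuine uploaded file');
    }
    // 3. Measure the file on disk; the size sent by the client is not trusted.
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // 4. Derive the type from the content, not from the submitted name or type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('File type not allowed');
    }
    // 5. The client-supplied name never reaches the path: the server picks it.
    $target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    // 6. move_uploaded_file() repeats the origin check before moving the file.
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store the file');
    }
    chmod($target, 0640);
    return $target;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        $stored = publish_upload($_FILES['document'] ?? []);
        echo 'Stored as ' . htmlspecialchars(basename($stored));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected';
    }
}
```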


Keywords:

E-learning; Cyberattack; Vulnerability; Security Breach Scenario; Web Server; Cloud Technologies.
