common.openJournalSystems

Pengembangan Mekanisme Otentikasi Dan Otorisasi Manajemen Config Pada Kasus Shared Web Hosting Berbasis Linux Container

Saifuddin Saifuddin, Royyana Muslim Ijtihadie, Baskoro Adi Pratomo

Abstract

A large part of the service provider's website using an operating system Linux, when one of the websites in the Shared web can be taken over, most likely other websites will also be mastered by reading config connecting to the database, the mechanism used to read a config file with the command in linux by default is available, using the command ln -s also known by the term symlink who can read the directory where the web, although different config directory.
The results show config on web applications that are in the directory in a single server can be read using these methods but can not be decoded to read user, password, and dbname, because it has given authorization can be decoded only from the directory already listed. on testing performance for latency, memory, and CPU system be followed, to get good results the previous system. The test results using the cache, the response time generated when accessed simultaneously by 20 click per user amounted to 941.4 ms for the old system and amounted to 786.6 ms.

Keywords

Cyber crime; De-Militarised Zone; Docker engine; symlink

Full Text:

PDF

References

Mirheidari, Seyed Ali, et al. "A Comprehensive Approach to Abusing Locality in User Web Hosting Servers." Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference on. IEEE, 2013.

Bernstein, David. "Containers and cloud: From lxc to Docker to kubernetes." IEEE Cloud Computing 3 (2014): 81-84.

Suzuki, Etsuko. "A design of authentication system for distributed education." Information Technology Based Higher Education and Training, 2004. ITHET 2004. Proceedings of the FIfth International Conference on. IEEE, 2004.

Gao, Lei, Chunhong Zhang, and Li Sun. "RESTful web of things API in sharing sensor data." Internet Technology and Applications (iTAP), 2011 International Conference on. IEEE, 2011.

Stawowski, Mariusz. "The Principles of Network Security Design." ISSA Journal (2007): 29-31.

Niu, Zhixiang, Cheng Yang, and Yingya Zhang. "A design of cross-terminal web system based on JSON and REST." Software Engineering and Service Science (ICSESS), 2014 5th IEEE International Conference on. IEEE, 2014.

Refbacks

  • There are currently no refbacks.
 

Indexed by:

Referencing Software:

Checked by:

Statistic:

View My Stats


Creative Commons License Kinetik : Game Technology, Information System, Computer Network, Computing, Electronics, and Control by http://kinetik.umm.ac.id is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

ISSN: 2503-2267