Portal to Active directory server

Status
Not open for further replies.

JoeBlu

New Member
Messages
8
Reaction score
1
Points
3
Hi everyone,

I am new to x10 hosting and I was wondering if it is against x10Hosting.com's terms of service (for the free hosting) to create a website to be used as a portal to an active directory server set up at my house. I intend to use it so that my DeVry senior project group can push and pull the code base from my house server. I do not intend to store the code or any files not necessary to the site, unless I am allowed to set up a caching service on my site to curb my bandwidth usage. The plan is to set up a Linux cent OS server at my house and use authentication (Samba or Kerberos) to connect to it through the site I would like to set up at x10Hosting.com. Is this allowed? Would it be considered a proxy server? it seems to me it would be a portal or web interface with my home server. and do you have any tips as to how to set up this site (if allowed) so that my account does not get suspended?
 

TuxMay

New Member
Messages
4
Reaction score
1
Points
1
If you are creating a website to external files not located on the x10Hosting network, that should not be a problem (don't hold me to that though). x10Hosting doesn't allow its hosting to be used for file storage systems or backup storage. All files upploaded to your x10hosting control panel must be used on your site.

You can read x10Hosting's ToS here: https://x10hosting.com/legal/terms-of-service

Lastly, I welcome you to x0Hosting :)
 

tonynadi

Member
Messages
41
Reaction score
1
Points
6
If you route the traffic through the x10hosting server, then it is essentially a proxy, and they may have issue with that.

If you use the hosted software to create a connection between the users' browser and your local computer's filesystem, then it would not affect x10hosting.

The best method entirely depends on your purpose. If your main intent is anonymity, a proxy is the only real option, and you can't do that here.
However, if your primary intent is security, there are a variety of options.

The best available would be to have public requests to x10hosting establish a secure conn, which in turn would pass an encryption request to your local directory. Then code on your home computer could generate a SSL cert and key, passing the public key back to the server then onto the user. This could also include current connection information to your local computer, allowing a Node.js or javascript component of the software on the user's browser to direct a connection to your home computer, using this new SSL cert.

That would require quite a bit of expert coding however.
 

JoeBlu

New Member
Messages
8
Reaction score
1
Points
3
If you are creating a website to external files not located on the x10Hosting network, that should not be a problem (don't hold me to that though). x10Hosting doesn't allow its hosting to be used for file storage systems or backup storage. All files upploaded to your x10hosting control panel must be used on your site.

You can read x10Hosting's ToS here: https://x10hosting.com/legal/terms-of-service

Lastly, I welcome you to x0Hosting :)

I did read the terms of service, though I guess I didn't remember the part about all files needing to be used on the site. That probably rules out having a cache system then. I'll hold out on official x10hosting confirmation before I totally decide though.
 

JoeBlu

New Member
Messages
8
Reaction score
1
Points
3
If you route the traffic through the x10hosting server, then it is essentially a proxy, and they may have issue with that.

If you use the hosted software to create a connection between the users' browser and your local computer's filesystem, then it would not affect x10hosting.

The best method entirely depends on your purpose. If your main intent is anonymity, a proxy is the only real option, and you can't do that here.
However, if your primary intent is security, there are a variety of options.

The best available would be to have public requests to x10hosting establish a secure conn, which in turn would pass an encryption request to your local directory. Then code on your home computer could generate a SSL cert and key, passing the public key back to the server then onto the user. This could also include current connection information to your local computer, allowing a Node.js or javascript component of the software on the user's browser to direct a connection to your home computer, using this new SSL cert.

That would require quite a bit of expert coding however.

My only real concern was for security. I don't want just anybody to have access to my home computer through the hole I would have to open up in the firewall. Though your suggestion sounds like a potentially simpler way to do what I was trying to do.

I had planned to create a VirtualBox linux server behind a virtual firewall (there is a linux distro even for that). the linux server would have samba or kerberos installed to provide authentication services. the site would allow a user anywhere on any computer to send a message to a predefined port on my virtual server and the linux box would accept or deny the connection. If the connection was accepted it would allow files to be uploaded to the file server or downloaded from the file server to the users computer. the site would have a little button that allows you to select a folder or file to upload and then uploads it. This would be the basic function for the site.

It would be ideal if I could upload files to my computer through the site directly from the git gui window or the git command line window. if the problem is only storing files unrelated to the site and auto run scripts maybe it would be possible to create a clean up script that runs five minutes after a user logs out to clear out temporary files from a user.

I had planned on having it use a VPN but, now that I think about it SSL would probably be simpler to set up. I don't even necessarily need it though. Anybody listening would only get little snippets of source code that probably wouldn't work in the first place and wouldn't be useful unless correctly paired with the rest of the program. Though I guess not having VPN or SSL would open up the possibility of a man in the middle attack wouldn't it?
 

JoeBlu

New Member
Messages
8
Reaction score
1
Points
3
I believe I initially misread a
If you route the traffic through the x10hosting server, then it is essentially a proxy, and they may have issue with that.

If you use the hosted software to create a connection between the users' browser and your local computer's filesystem, then it would not affect x10hosting.

The best method entirely depends on your purpose. If your main intent is anonymity, a proxy is the only real option, and you can't do that here.
However, if your primary intent is security, there are a variety of options.

The best available would be to have public requests to x10hosting establish a secure conn, which in turn would pass an encryption request to your local directory. Then code on your home computer could generate a SSL cert and key, passing the public key back to the server then onto the user. This could also include current connection information to your local computer, allowing a Node.js or javascript component of the software on the user's browser to direct a connection to your home computer, using this new SSL cert.

That would require quite a bit of expert coding however.

I just realized that I misread your post in my last reply. I missed the part about a direct connection to my home computer. My original idea was essentially a proxy then. I like your idea though. I think I will take it and run with it. the network programming required shouldn't be too hard as I have been teaching myself the theory for the past month or two. It will be the SSL that will give me trouble as I have never used before.
 

tonynadi

Member
Messages
41
Reaction score
1
Points
6
I just realized that I misread your post in my last reply. I missed the part about a direct connection to my home computer. My original idea was essentially a proxy then. I like your idea though. I think I will take it and run with it. the network programming required shouldn't be too hard as I have been teaching myself the theory for the past month or two. It will be the SSL that will give me trouble as I have never used before.

If that's what you're going for, there are even easier ways. Regarding the SSL, use OpenSSL. Do your reading. Ultimately is is through public-key/private-key encryption that you can make things secure.

Please carefully consider three main components:
  1. Encryption
  2. User Authentication
  3. Software Vulnerability
With respect to Encryption, as long as you properly use public/private key, you should be fine.
With respect to Authentication, there are a laundry list of pitfalls. The main key is deciding how to best verify the identity of the user.
With respect to vulnerabilities:
  • Only send the local conn info encrypted.
  • Be very careful to prevent things like SQL Injection, or brute-force access.
  • Files sent to your system should default to a quarantined folder, and scanned, immediately upon receipt.
Honestly, Node.js would probably the best platform for what you are trying to do.
 

caftpx10

Well-Known Member
Messages
1,534
Reaction score
114
Points
63
^ And if Node.js were to be used, you'll have to go at least VPS.
 

caftpx10

Well-Known Member
Messages
1,534
Reaction score
114
Points
63
That would be something you would have to investigate via Google or from a member (not an ordanary user) here.
As far as I know, it is likely to do with opening ports and sockets. It could also be to do with the resources that could easily be taken up.
Many shared hosting sites don't allow node.js as well.
 

JoeBlu

New Member
Messages
8
Reaction score
1
Points
3
That would be something you would have to investigate via Google or from a member (not an ordanary user) here.
As far as I know, it is likely to do with opening ports and sockets. It could also be to do with the resources that could easily be taken up.
Many shared hosting sites don't allow node.js as well.

For what I am planning to do I don't think that would matter. The node.js would only be needed to handle the connection between my personal home server and the user's computer. OpenSSL and plain old TCP/IP would take care of the connection with the X10Hosting site as an intermediary between my home server and the user. That is unless I missed something. I have never actually used node.js or OpenSSL before so I don't have first hand experience on how they would be used. From what I understand port 443 (the standard SSL port) is a commonly enabled port even at airports. As long as I can get verification that a free account can use it I should be fine.
 
Last edited:

JoeBlu

New Member
Messages
8
Reaction score
1
Points
3
If that's what you're going for, there are even easier ways. Regarding the SSL, use OpenSSL. Do your reading. Ultimately is is through public-key/private-key encryption that you can make things secure.

Please carefully consider three main components:
  1. Encryption
  2. User Authentication
  3. Software Vulnerability
With respect to Encryption, as long as you properly use public/private key, you should be fine.
With respect to Authentication, there are a laundry list of pitfalls. The main key is deciding how to best verify the identity of the user.
With respect to vulnerabilities:
  • Only send the local conn info encrypted.
  • Be very careful to prevent things like SQL Injection, or brute-force access.
  • Files sent to your system should default to a quarantined folder, and scanned, immediately upon receipt.
Honestly, Node.js would probably the best platform for what you are trying to do.


OpenSSL would take care of the encrypted connection, prepared statements and a standard method similar to HTMLSpecialChars() (from php) would take care of first and second order SQL injection, and I could take care of Brute force access by forcing a time out after x attempts for y minutes and/or putting a captchca in similar to the one stack overflow has with the hal-9000 picture and the check box picture you click (I assume it is a picture click enabled by a simple script at least.)

I never really thought about quarantining and scanning incoming files before though. Would you happen to know off-hand of a good way to get that to work would you?
 

essellar

Community Advocate
Community Support
Messages
3,295
Reaction score
227
Points
63
StackOverflow/StackExchange is just using ReCAPTCHA (which is now a sort of CAPTCHAless CAPTCHA). The HAL picture you have to provide yourself; it's not part of the Google package. As for your Free Hosting server, about all you'd be allowed is to provide a link to your home server; x10Hosting won't allow you to tunnel/proxy, and browser sandboxing should scream bloody murder and dial 911 (or 999, as the case may be) if you try to submit anything to an untrusted 3rd party (which you're going to be if you self-sign).

My question would be why don't you use a repository like github and save a lot of trouble? Seems to me it would suit your purposes better than vanilla file transfers.
 

tonynadi

Member
Messages
41
Reaction score
1
Points
6
StackOverflow/StackExchange is just using ReCAPTCHA (which is now a sort of CAPTCHAless CAPTCHA). The HAL picture you have to provide yourself; it's not part of the Google package. As for your Free Hosting server, about all you'd be allowed is to provide a link to your home server; x10Hosting won't allow you to tunnel/proxy, and browser sandboxing should scream bloody murder and dial 911 (or 999, as the case may be) if you try to submit anything to an untrusted 3rd party (which you're going to be if you self-sign).

My question would be why don't you use a repository like github and save a lot of trouble? Seems to me it would suit your purposes better than vanilla file transfers.

The browser won't scream bloody murder if you build-in the encryption instead of using standard certification methods.
 

tonynadi

Member
Messages
41
Reaction score
1
Points
6
OpenSSL would take care of the encrypted connection, prepared statements and a standard method similar to HTMLSpecialChars() (from php) would take care of first and second order SQL injection, and I could take care of Brute force access by forcing a time out after x attempts for y minutes and/or putting a captchca in similar to the one stack overflow has with the hal-9000 picture and the check box picture you click (I assume it is a picture click enabled by a simple script at least.)

I never really thought about quarantining and scanning incoming files before though. Would you happen to know off-hand of a good way to get that to work would you?

Sounds like you've got a solid handle on intrusion prevention, though if you're using PHP, I would suggest using PHP: PDO::prepare rather than HTMLSpecialChars. HTMLSpecialChars DOES NOT prevent injection, but only prevents people from adding HTML or doing XSS. Binding variable to columns via PDO is the only certain way to prevent injection. If you CAN'T use PDO, then see this post about injection.

As for quarantine, again, it depends on the level of security you're looking for. At the highest level, you should have a separate HD, running a different FS, configured to prevent all read and execs. Next up is creating an isolated linux partition, and doing the same. After that, force everything into a folder with 070 permissions, force the file to 000, run ClamAV as root.
 

tonynadi

Member
Messages
41
Reaction score
1
Points
6
Sounds like you've got a solid handle on intrusion prevention, though if you're using PHP, I would suggest using PHP: PDO::prepare rather than HTMLSpecialChars. HTMLSpecialChars DOES NOT prevent injection, but only prevents people from adding HTML or doing XSS. Binding variable to columns via PDO is the only certain way to prevent injection. If you CAN'T use PDO, then see this post about injection.

As for quarantine, again, it depends on the level of security you're looking for. At the highest level, you should have a separate HD, running a different FS, configured to prevent all read and execs. Next up is creating an isolated linux partition, and doing the same. After that, force everything into a folder with 070 permissions, force the file to 000, run ClamAV as root.

One last tidbit, there is only one virus (math experiment that doesn't really do anything) that can still function while compressed, so you can always just tar.gz everything as soon as it lands, then use ClamAV to scan the contents.
 
Status
Not open for further replies.
Top