hello everybody!
I just want to know a very little thing from all you C/C++ Experts that:
is it considered to be an unsafe practice or a security threat to have a C Compiler installed on a Live Production server?
In case yes, can there be any possible ways to mitigate possible risk ?
Please suggest ! Thanks in Advance !
Rohit!
7  2364 
I would say that's an incredibly bad idea. Ways to mitigate risk is to move it out of prod. You could go through your lockdown procedures, make sure only the people who are supposed to have access to it have access but I still cannot fathom why a compiler would need to be there. Under any circumstances.
I'd love to have my own login.c program compiled on that machine ;-)
kind regards,
Jos
Helo Sicarie,
Thanks for your valuable opinion. That's what i needed to understand.
The reason why a compiler is required there, goes like this:
I work with HP Openview Management softwares, hope you know what these are. I am not someone who's done a lot of coding.
Now, i need to use some very small APIs of this tool called OVO and may need to customize it to a smalller extent.
I don't have a test environment ready with me as of now. Just have two servers, one prod and one DR. And moreover, even if i plan to build a testbed, i'd need one more license for the whole application and that's not cheap. Hope it's making sense to you.
I am not going to make new applications using this compiler. Just that there are few advanced features like APIs and integration features to other applications, that i need to use with this in my production environment.
Please enlighten me if you have any thoughts.
Thanks..Rohit
Keep the compiler out of Prod. (See Jos' post above) This is a major security issue, and I can't stress it strongly enough.
I would recommend keeping the compiler on a client in the domain/workgroup, but then only running the test binaries during your change time (weekends, weeknights, whatever), and having a good backout plan.
A situation like this is difficult to develop around, but if you use good design principles from the beginning, it will make everything a lot easier. Difficult, but not impossible.
Hi Sicarie,
Just like to add something more here..
Access is not a problem on my servers, only I have access to the server and application, so no Josah can come in and compile his login.c program. :)
But, if you guys would say that it's an incredibly bad idea, i'll certainly understand and i had not decided to go that way, please dont take me wrong, i just imagined this possibility since i am not a coding expert and I just felt like asking you experts.
Thanks!
Hello..
I got what you mean to say now! that's exactly what i wanted to understand and i am clear now that it's not a good idea.
I think i'd look for other alternatives in my situation now.
Thanks a TON for your guidance. I truly appreciate it !
Rohit
I do believe it to be a bad idea - just as one single scenario that it could be detrimental is if a 0-day is used to compromise the machine, then someone could create Jos' login.c. That's aside from any sort of stored credentials it might currently have, or it's place in the domain. I would strongly, strongly recommend keeping it out of prod.
Sign in to post your reply or Sign up for a free account.
Similar topics
by: Isaac Blank |
last post by:
We're running DB@ V7 FP8 and need to create SQL stored procedures. Is there
a way to avoid having a C compiler on the production machine?
TIA
Isaac
|
by: Yasaswi Pulavarti |
last post by:
I have three instances with a database each on a production server. I
need to replicate the databases on a qa server once a week. I
installed administration client on qa server. How do I go about...
|
by: Andrew |
last post by:
I use conditional compiler constants, set through the VBA IDE in
Tools, <projectname> Properties, that I refer to throughout my code to
control which code is used during development, and which...
|
by: Steve - DND |
last post by:
I have a web project which references some assemblies from other projects I
have worked on in different solutions, and am running into some quirky
behavior.
My web project assembly is...
|
by: Klaus Jensen |
last post by:
Hi!
I have a pretty traditional setup where I develop on my local PC and the use
"Copy Project" to deploy to the production enviroment.. In web.config I need
different values for...
|
by: Hamilton |
last post by:
Hi there,
I've seen this error appear a few times in newsgroups but unfortunately I haven't found one that actually provides a solution.
I'm basically deploying a new website into an area at a...
|
by: Mariano |
last post by:
Greetings,
I'm developing a web site in asp.net 2.0. I have class files in App_Code
and they are used in aspx. Example:
* App_Code ( i have users.cs containing users class, data.cs is DAL)
*...
|
by: gsauns |
last post by:
Hello,
I have just put a new virtual server in place that I intend to make my
development server. I would like to develop and test on that new
server, and host my production apps on my...
|
by: Charles Sullivan |
last post by:
A C program with code typified by the following pared-down example
has been running after compilation on numerous compilers for several
years. However with a fairly recent GCC compiler it results...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
| |
