Backstory
One of our super-users wanted to setup a PHP Nuke site for our customers; the sysadmin of the site at the time said it looked secure enough for production, and got the go-ahead.
It wasn’t.
After a half dozen intrusions, mostly due to the lax approch to security and data validation on the part of PHP & PHPNuke, we revisited the descision. The new plan was to replace PHP Nuke (or at least the part of it we use) with a rails-based solution.
But how?
Our basic plan is this:
- Initially, use a small rails app as a wrapper around PHP Nuke, to sanity check all incomming HTTP requests; instead of the extant policy of “accept anything that doesn’t look fishy according to some set of rules” the wrapper will use a policy of “reject anything that doesn’t look vaild according to some set of rules”
- Extend the wrapper to use PrettyURLs, mapping them to the Nuke URLs internally. This results in the creation of “placeholder” controlers & methods that correspond 1:1 with the PHP Nuke functionality we use.
- Extend the wrapper to rewrite generated HTML to use the pretty URLs
- Rewrite the placeholders to actually generate the HTML, rather than calling on PHP Nuke
- Nuke PHP Nuke.
- Clean-up the debris
Many of the details are still OpenQuestions but I’ll be documenting our progress as we go. If it works out, I’ll edit it for inclusion in the Howtos—if it doesn’t I’ll make it a HowNotTo instead.
Installing rails
The generic part of this was simple (see HowtoSetupApacheWithFastCGIAndRubyBindings). Since the PHP Nuke installation was only part of our site (and we are planning to use rails elsewhere) we also needed to learn HowtoDeployMoreThanOneRailsAppOnOneMachine.
Initially, we did this in a Sandbox? (a virtual server that only responded to requests from our side of the firewall; this is easy if you know HowToMakeVirtualHostsPrivateUnderApache).
Making it secure.
The next step was generic: HowToLockDownRailsForDeployment
Wrapping Nuke
The basic idea here was to use rails as a sort of condom around nuke; all requests coming in to the site were filtered by our rails app, and outgoing pages were fixed up to conform. This required: