
The Informix® DataBlade™ API documentation, in the section "Managing Stack Space", describes how a user-defined routine (UDR) uses stack space. This article provides additional information on that topic.

The information below applies whether the UDR runs on a user-defined virtual processor (VP) or on a CPU VP. The thread stack is allocated by the virtual processor that executes the UDR.

What stack size is available to a UDR?

The size of the stack available to a UDR depends on how the UDR was created:

    with the STACK modifier, which gives the UDR its own dedicated stack;

    without the STACK modifier, in which case the UDR uses the stack that the server allocated to the thread executing the request. The stack size in this case is determined by the STACKSIZE parameter in the onconfig configuration file.

The STACK modifier

The CREATE PROCEDURE and CREATE FUNCTION statements accept an optional STACK modifier, which specifies, in bytes, the stack space that the UDR needs for its execution.

If you use the STACK modifier when creating the UDR, the server allocates that stack space each time the UDR is executed. The size actually available is the STACK value in bytes minus some overhead, which depends on the number of function arguments.

If the STACK value is smaller than the value of the STACKSIZE parameter in the onconfig file (see the next section), the stack size allocated for the UDR is automatically rounded up to the STACKSIZE value.

The STACKSIZE configuration parameter

The onconfig configuration file includes the STACKSIZE parameter, which specifies the stack size for user threads.

If you do not specify STACK when creating the UDR, the server does not allocate additional stack space for executing the UDR. Instead, the UDR uses the stack space allocated for executing the request. The available stack size is reduced by the overhead of the function call, which is smaller than the overhead of the SQL statement itself.

The thread stack is allocated once for each thread that is executed. Performance is better when the UDR shares a single stack with the thread, because the server does not spend resources allocating an additional stack on every UDR call. On the other hand, as the amount of stack in use approaches the STACKSIZE value, a stack overflow can occur when a function is called inside the UDR (in that case less stack space is available for the UDR's own execution).

It is important to note that STACKSIZE should not be set too high, because the value applies to every thread.

When is it necessary to increase the stack size?

You may need additional stack space when the UDR makes recursive calls, or when the UDR uses more stack space than the thread stack (STACKSIZE) provides.

There are two ways to increase the stack for a UDR:

    Specify the STACK modifier when creating the UDR.

    Use mi_call() to make recursive calls (see the example in the Informix DataBlade API Programmer's Guide).

If you do not specify the size via STACK, do not use mi_call() to extend the thread stack, and the UDR performs operations that consume a lot of stack space, a stack overflow will occur.

Note that these mi_* functions add a new stack segment to the existing stack. The segments are freed when control returns to the UDR that called the function.

What to do when something goes wrong?

Monitor stack usage

The goal of monitoring is to identify the specific UDR that causes the stack overflow, so that the STACK value can be changed for that UDR alone.

    Monitor stack usage with the command "onstat -g sts"

    Monitor the session executing the SQL with onstat -g ses session_id

Once you have identified the SQL statement that ends in a stack overflow, you can determine the required STACK value by running the UDR queries that were executed up to the point where the original statement overflowed.

You can set the STACK value for a UDR dynamically. For example:

alter function MyFoo (lvarchar,lvarchar) with (add stack=131072);

After changing the STACK value, rerun the original statement to verify that it now executes stably.
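As an added illustration (not part of the original article), the following Informix SQL registers a recursive C UDR without STACK, then gives it a dedicated stack with ALTER FUNCTION and checks the value the server recorded. The function name tree_depth, the library path, and the stack column of sysprocedures used for the check are assumptions.

```sql
-- Added example, not from the article. Assumed names: tree_depth, tree.bld.
-- 1. A recursive C routine registered without STACK shares the thread stack
--    (STACKSIZE from onconfig) with the SQL statement that calls it, so deep
--    recursion can overflow that stack and take the whole thread down.
CREATE FUNCTION tree_depth (INTEGER)
    RETURNING INTEGER
    EXTERNAL NAME '$INFORMIXDIR/extend/tree/tree.bld(tree_depth)'
    LANGUAGE C;

-- 2. Give the routine its own stack instead of raising STACKSIZE for every
--    thread. Rounding rule: a STACK value below STACKSIZE is rounded up to
--    STACKSIZE, so a small value only yields a dedicated stack of STACKSIZE bytes.
--    128 KB is a placeholder; size it from what onstat -g sts shows.
ALTER FUNCTION tree_depth (INTEGER) WITH (ADD STACK = 131072);

-- 3. Verify what the server stored for the routine (column name assumed).
SELECT procname, stack, numargs
    FROM sysprocedures
    WHERE procname = 'tree_depth';

-- 4. To adjust later, MODIFY replaces the existing value (DROP STACK removes it
--    and the routine goes back to sharing the thread stack).
ALTER FUNCTION tree_depth (INTEGER) WITH (MODIFY STACK = 262144);
```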

Increasing STACKSIZE

As an alternative, try increasing the STACKSIZE value. Check whether the problem goes away. (Remember to restore the old value afterwards.)

If increasing STACKSIZE did not help, the problem is most likely memory corruption. Some suggestions:

    Enable memory scribble and check the memory pools. The "Debugging Problems" section of the Memory Allocation for UDRs article explains how to do this.

    Pay attention to mi_lvarchar. In particular, note that an mi_lvarchar passed to a function as an argument is not null-terminated.

    Reduce the number of CPU (or user-defined) VPs to one to make the problem easier to reproduce.

mi_print_stack() -- Solaris

Informix Dynamic Server for Solaris includes the mi_print_stack() function, which can be called from a UDR. By default, this function writes the stack frame to the file:

/tmp/default.stack

You cannot change the name of the output file, but you can change its location by changing the value of the DBTEMP variable. Make sure the $DBTEMP directory is writable by the informix user. Any errors from mi_print_stack() are written to $MSGPATH.

This function is only available on Solaris.

Glossary

Abbreviations used in this article:

UDR  User-Defined Routine
VP   Virtual Processor

This article demonstrates once again that a coherent set of security measures must cover all stages of a system's life: development, deployment, system administration, and organizational measures alike. In information systems, the "human factor" remains the main threat to security. The set of measures must also be reasonable and balanced: it makes no sense, and funds are unlikely to be found, to organize protection whose cost exceeds the value of the data itself.

Introduction

1C:Enterprise is the most widespread accounting system in Russia, but despite this, until version 8.0 its developers paid very little attention to security. This was mainly dictated by the price niche of the product and its focus on small businesses without qualified IT staff, for which the cost of deploying and maintaining a secure system would have been prohibitively high. With the release of version 8.0 the emphasis shifted: the cost of solutions grew significantly, the system became much more scalable and flexible, and the requirements changed substantially. Whether the system is reliable and secure is now a very individual question. The core information system of a modern business must satisfy at least the following security requirements:

  • Low probability of system failure due to internal causes.
  • Reliable user authorization and protection of data from incorrect actions.
  • An effective system for assigning user rights.
  • Operational backup and recovery after a failure.

Do solutions based on 1C:Enterprise 8.0 satisfy these requirements? There is no clear answer. Despite significant changes in the access control system, many unresolved issues remain. It is important to understand that, depending on how the system is designed and configured, all of these requirements may be unmet, or may be met to a degree sufficient for a given deployment; however (and this is partly the legacy of the platform's "youth"), truly secure operating conditions require a truly titanic effort.

This article is intended for developers and implementers of solutions on the 1C:Enterprise platform, as well as for system administrators of organizations that use 1C:Enterprise, and describes some aspects of developing and configuring the client-server version of the system from the point of view of information security. This article cannot be considered a replacement for the documentation; it only points out certain issues that the documentation does not yet cover. And, of course, neither this article nor all the documentation can convey the full complexity of building a secure information system that must at the same time satisfy the competing requirements of security, performance, availability and functionality.

Classification and terminology

The main subject of the article is information threats.

Information threat – the possibility of a situation in which data is read, copied, changed or blocked without authorization.

Based on this definition, the article classifies information threats as follows:

  • Unauthorized destruction of data
  • Unauthorized modification of data
  • Unauthorized copying of data
  • Unauthorized reading of data
  • Unavailability of data

All threats are divided into realized and unrealized. A realized information threat is called an incident. Properties of the system:

  • Vulnerabilities – properties that lead to incidents
  • Protective measures – properties that block the possibility of an incident

The article mainly considers vulnerabilities whose existence is due to the use of the 1C:Enterprise 8.0 technology platform itself in the client-server version (hereafter, where the distinction does not matter, simply 1C or 1C 8.0). The following main roles in relation to the system are defined:

  • Operators – users who have the right to view and change data as limited by an application role, but who have no administrative functions
  • System administrator – users who have administrative rights in the system, including administrative rights in the operating systems of the application server and the MS SQL server, administrative rights in MS SQL, and so on
  • IB administrator – users to whom administrative functions in the 1C information base are delegated (such as adding users, testing and repair, backup, configuring the application solution, etc.)
  • System developers – users who develop the application solution. They may have no access to the working system at all.
  • Persons without direct access to the system – users to whom no access rights in 1C have been delegated, but who can in one way or another influence the operation of the system (usually all users of the Active Directory domain in which the system is installed). This category is considered primarily to identify potentially dangerous subjects in the system.
  • Automated administrative scripts – programs to which certain functions are delegated, intended for the automatic execution of actions (for example, import/export of data)

Two points need to be noted here: first, this classification is very rough and does not take into account the divisions within each group; such divisions would be made for a specific deployment; second, it is assumed that other persons cannot influence the operation of the system, which must be ensured by means external to 1C.

Any security system must be built with its cost and effectiveness in mind. Before developing and deploying an information system, it is necessary to ensure that the cost of protecting the system corresponds to:

  • the value of the information being protected;
  • the cost of an incident (if the threat is realized);
  • the financial risks in case of an incident

It is pointless and harmful to organize protection that costs significantly more than the assessment of its financial effect. There are a number of methods for assessing the risk of information loss; they are not considered in this article. Another important aspect is maintaining a balance, which is often conflicting, between information security, system performance, convenience and ease of use, speed of development and deployment, and the other requirements placed on enterprise information systems.

Main features of the information security mechanism of the system

1C:Enterprise 8.0 comes in two versions: file and client-server. The file version cannot be considered to provide information security for the system for the following reasons:

  • Data and configuration are stored in a file that must be readable and writable by all users of the system.
  • As will be shown below, authorization in the system is very easy to bypass.
  • The integrity of the system is ensured only by the kernel of the client part.

The client-server version uses MS SQL Server for storing information, which provides:

  • More reliable data storage.
  • Isolation of files from direct access.
  • More advanced transaction and locking mechanisms.

Despite the significant differences between the file and client-server versions of the system, they share a single access control scheme at the application solution level, which provides the following capabilities:

  • Authorization of a user by a password set in 1C.
  • Authorization of a user by the current Windows user.
  • Assignment of roles to system users.
  • Restriction of administrative functions by roles.
  • Assignment of available interfaces to roles.
  • Restriction of access to metadata objects by roles.
  • Restriction of access to object attributes by roles.
  • Restriction of access to data objects by roles and session parameters.
  • Restriction of interactive access to data and executable modules.
  • Some restrictions on code execution.

In general, the data access scheme used is fairly typical for information systems of this level. However, this implementation of the three-tier client-server architecture has a number of features that lead to a relatively large number of vulnerabilities:

  1. There is a large number of data processing stages, and at each stage different rules for access to objects may apply.

    The diagram of the data processing stages significant from a security point of view is shown, heavily simplified, in Fig. 1. The general rule for 1C is a reduction of restrictions as one moves down the diagram, so that a vulnerability at one of the upper levels can disrupt the operation of the system at all levels.

  2. There are no established procedures for checking data that is passed from level to level.

    Unfortunately, not all internal mechanisms of the system are ideally debugged, especially the non-interactive mechanisms, which are harder to develop but more reliable. This "disease" is not unique to the 1C company; it is found in a wide variety of server products from most vendors. Only in recent years has attention to these problems grown significantly.

  3. The average qualification of developers and system administrators, inherited from the previous version, is not high enough.

    Products of the 1C:Enterprise line were initially oriented toward ease of development and support in small organizations, so it is not surprising that historically a significant share of the "developers" of application solutions and "administrators" of systems do not have sufficient knowledge and skills for working with such a substantially more complex product as version 8.0. The problem is compounded by the practice adopted in franchise companies of training "in battle" at the expense of clients, who do not approach the question systematically. Credit must be given to the 1C company: over the past few years this situation has gradually been corrected; serious franchise companies have begun to approach the selection and training of personnel far more carefully, the level of information and technological support from the 1C company has grown substantially, and certification programs oriented toward a higher standard of service have been announced. Until the situation is corrected, however, this factor must be taken into account in any security analysis of the system.

  4. The platform's relative youth.

    Among products of a similar purpose and orientation it is one of the youngest solutions. The platform's functionality has more or less settled only within the last year. At the same time, the releases of the platform beginning with 8.0.10 (in which release essentially all the present capabilities of the system were implemented) have become considerably more stable than the earlier ones. The functionality of typical application solutions still grows not by the day but by the hour, although the capabilities of the platform are used at best at half their power. Of course, under such conditions stability can be spoken of only with reservations, but on the whole it must be acknowledged that many solutions on the 1C 8.0 platform significantly surpass similar solutions on the 1C 7.7 platform in functionality and performance (though not in stability and reliability).

So, the system (and, possibly, a typical application solution) has been chosen for the business and is being installed. First of all, it is necessary to create an environment in which configuring the security of 1C makes sense, and to configure it so that the assumption that the system's environment has a significant influence on its security holds.

Follow the general security rules.

There can be no talk of any information security of the system if the basic principles of building secure systems are not followed. Be sure that at least the following conditions are met:

  • Access to the servers is physically restricted and their uninterrupted operation is ensured:
    • the server hardware meets high reliability requirements, replacement of faulty server hardware has been arranged, and for particularly critical areas schemes with duplicated hardware are used (RAID, power from several sources, multiple communication channels, etc.);
    • the servers are in a locked room, and the room is opened only for the time of work that cannot be done remotely;
    • the right to open the server room is held by only one or two persons, and in case of emergency a system of notifying the responsible persons has been worked out;
    • uninterrupted power supply to the servers is ensured;
    • normal climatic operating conditions are ensured;
    • the server room has a fire alarm and there is no risk of flooding (especially on the first and top floors);
  • The network and information infrastructure of the enterprise is configured correctly:
    • firewalls are installed and configured on all servers;
    • all users and computers are authorized on the network, and passwords are complex enough that they cannot be guessed;
    • system operators have sufficient rights for normal operation of the system, but do not have rights to administrative actions;
    • anti-virus tools are installed and enabled on all computers on the network;
    • it is desirable that users (except network administrators) have no administrative rights on client workstations;
    • access to the Internet and to removable storage media is regulated and restricted;
    • a system audit of security events is configured;
  • The main organizational issues are resolved:
    • users have sufficient qualification to work with 1C and the hardware;
    • users are informed of their liability for violating the operating rules;
    • persons materially responsible for each physical element of the information system have been appointed;
    • all system units are sealed and closed;
    • particular attention should be paid to instructing and supervising cleaners, construction workers and electricians. These persons can, through carelessness, cause damage no smaller than the deliberate damage caused by an unscrupulous user of the system.

Attention! This list is not exhaustive; it only describes what is most often missed when deploying a complex and fairly expensive information system!

  • MS SQL Server, the application server and the client part run on different computers, and the server programs run under the rights of specially created Windows users;
  • For MS SQL Server:
    • mixed authorization mode is set;
    • MS SQL users belonging to the serveradmin role do not take part in the operation of 1C;
    • for each 1C IB a separate MS SQL user is created, who does not have privileged access to the server;
    • the MS SQL user of one IB has no access to other IBs;
  • users have no direct access to the files of the application server and the MS SQL server;
  • operators' workstations run Windows 2000/XP (not Windows 95/98/Me)

Do not neglect the recommendations of the system developers and reading the documentation. Important materials on setting up the system are published on the ITS disks in the "Methodological Recommendations" section. Particular attention should be paid to the following articles:

  1. Features of the operation of applications using the 1C:Enterprise server
  2. Data placement in 1C:Enterprise 8.0
  3. Updating 1C:Enterprise 8.0 by Microsoft Windows users without administrator rights
  4. Editing the user list under a user without administrative rights
  5. Configuring the Windows XP SP2 firewall for SQL Server 2000 and SQL Server Desktop Engine (MSDE)
  6. Configuring COM+ parameters in Windows XP SP2 for the 1C:Enterprise 8.0 server
  7. Configuring the Windows XP SP2 firewall parameters for the 1C:Enterprise 8.0 server
  8. Configuring the Windows XP SP2 firewall parameters for the HASP License Manager
  9. Creating a backup copy of the information base using SQL Server 2000
  10. Installation and configuration issues of 1C:Enterprise 8.0 in the "client-server" version (one of the most important articles)
  11. Features of configuring Windows Server 2003 when installing the 1C:Enterprise 8.0 server
  12. Regulating user access to the information base in the client-server version (one of the most important articles)
  13. The 1C:Enterprise server and the SQL server
  14. Detailed procedure for installing 1C:Enterprise 8.0 in the "client-server" version (one of the most important articles)
  15. Using the built-in language on the 1C:Enterprise server

However, read the documentation critically; for example, the article "Installation and configuration issues of 1C:Enterprise 8.0 in the "client-server" version" does not accurately describe the rights required by the user USER1CV8SERVER. References to this list are given below in the form [ITS1], which means the article "Features of the operation of applications using the 1C:Enterprise server". All information from the articles is given according to the ITS edition current at the time of writing (2006).

Use combined authorization with Windows authorization where possible

Of the two possible modes of user authorization, 1C's own and combined with Windows OS authorization, combined authorization should be chosen whenever possible. This lets users avoid juggling many passwords during their work without lowering the security level of the system. However, even for users who will use only Windows authorization, it is strongly recommended to set a password when the user is created and only then to enable Windows authorization for that user. To preserve the ability to restore the system after a failure of the Active Directory structure, keep at least one user who can log into the system with 1C authorization.

When creating roles of the application solution, do not grant rights "in reserve"

Each role of the application solution should reflect the minimum set of rights necessary to perform the actions defined for that role. Some roles may be auxiliary. For example, for interactive launching of external processing you can create a separate role and assign it to all users who need to work with external processing.

Conduct regular reviews of the registration log and the system operation logs

Where possible, regulate and automate the review of the registration log and the system operation logs. With proper configuration and regular log review (filtering only important events), you can detect unauthorized actions in good time or even prevent them at the preparation stage.

Some features of the client-server version

This section describes the specific features of the client-server version and their impact on security. For easier reading, the following notation is used:

Attention! – description of a vulnerability

Storing information that controls access to the system

Storing the list of IB users

All information about the list of IB users and the roles available to them is stored in the Params table of the MS SQL database (see [ITS2]). Looking at the structure of this table, it becomes obvious that all user information is stored in the record whose FileName field has the value "users.usr".

So, as long as we assume that users do not have access to the MS SQL database, this fact by itself cannot be used by an attacker; however, as soon as it becomes possible to execute code in MS SQL, this opens the door to obtaining any (!) access in 1C. The same mechanism (with minor changes) can be used against the file version of the system, which, together with the other characteristics of the file version, completely rules out its use in secure systems.

Recommendation: At the moment there is no way to fully protect the application from such a change, other than using triggers on MS SQL Server, which in turn can cause problems when updating the platform version or changing the user list. To track such changes you can use the 1C registration log (paying attention to "suspicious" logins in configurator mode without a user name), keep SQL Profiler running continuously (which can negatively affect system performance), or configure the Alerts mechanism (most likely, again using triggers).
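As an added example (not from the article and not 1C's own code), the following T-SQL for MS SQL Server 2000 implements the audit-trigger option just described for the users.usr record, recording who changed it rather than blocking the change. The article names only the Params table and its FileName field; the ParamsAudit table, the trigger name and the placeholder login in the review query are assumptions.

```sql
-- Added example, not from the article. Assumed: Params(FileName, ...) exists in
-- the IB database; ParamsAudit and the trigger name are our own.
-- Audit-only: it records who touched users.usr and does not block the change,
-- so platform updates and legitimate user-list edits keep working.
CREATE TABLE dbo.ParamsAudit (
    AuditId    int IDENTITY(1, 1) PRIMARY KEY,
    ChangedAt  datetime      NOT NULL DEFAULT GETDATE(),
    LoginName  nvarchar(128) NOT NULL,  -- SQL login or Windows account of the writer
    HostName   nvarchar(128) NULL,      -- client host name as reported to SQL Server
    AppName    nvarchar(128) NULL,      -- program_name: was it the 1C server at all?
    Operation  char(1)       NOT NULL   -- I = insert, U = update, D = delete
);
GO

CREATE TRIGGER dbo.trg_Params_UsersUsr
ON dbo.Params
AFTER INSERT, UPDATE, DELETE
AS
BEGIN
    SET NOCOUNT ON;

    -- Only the record holding the IB user list is of interest.
    IF NOT EXISTS (SELECT 1 FROM inserted WHERE FileName = 'users.usr')
       AND NOT EXISTS (SELECT 1 FROM deleted WHERE FileName = 'users.usr')
        RETURN;

    -- Classify the statement from the two pseudo-tables.
    DECLARE @op char(1);
    IF EXISTS (SELECT 1 FROM inserted) AND EXISTS (SELECT 1 FROM deleted)
        SET @op = 'U';
    ELSE IF EXISTS (SELECT 1 FROM inserted)
        SET @op = 'I';
    ELSE
        SET @op = 'D';

    INSERT INTO dbo.ParamsAudit (LoginName, HostName, AppName, Operation)
    VALUES (SUSER_SNAME(), HOST_NAME(), APP_NAME(), @op);
END
GO

-- Review query: anything not written by the login the 1C application server uses
-- for this IB (placeholder below) should be matched against the 1C registration log,
-- in particular against configurator logins without a user name.
SELECT ChangedAt, LoginName, HostName, AppName, Operation
FROM dbo.ParamsAudit
WHERE LoginName <> 'IB_SERVER_LOGIN_PLACEHOLDER'
ORDER BY ChangedAt DESC;
```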

Storing information about the IB list on the server

Each 1C application server stores information about the list of information bases connected to it. Each information base uses its own connection string between the application server and the MS SQL server for its operation. Information about the information bases registered on the server, together with the connection strings, is stored in the file srvrib.lst, located on the server in the directory <Common application data>/1C/1Cv8 (for example, C:/Documents and Settings/All Users/Application Data/1C/1Cv8/srvrib.lst). For each IB the full connection string is stored, which under the mixed MS SQL authorization model includes the MS SQL user's password. It is the existence of this file that gives reason to fear unauthorized access to the MS SQL database, and if, contrary to the recommendations, a privileged user (for example "sa") is used for access to any database, then in addition to the threat to one IB there is a threat to the entire system that uses MS SQL.

Note that mixed authorization and Windows authorization on the MS SQL server lead to different kinds of problems when access to the file is obtained. The key negative properties of Windows authorization are:

  • all IBs on the application server and the MS SQL server work under one set of rights (most likely an excessive one)
  • from the process of the 1C application server (or, in general, from the USER1CV8SERVER user account or its analogue) it is easy to connect to any IB without specifying a password

On the other hand, it may be harder for an attacker to execute arbitrary code in the context of the USER1CV8SERVER user than to obtain the file. Incidentally, the existence of this file is another argument for placing the server functions on different computers.

Recommendation: The srvrib.lst file must be accessible only to the server process. Be sure to configure auditing of changes to this file.

Unfortunately, by default this file is not protected from reading, which must be taken into account when deploying the system. The ideal option would be for the application server to check the read and write permissions on this file (including the permissions of the server's own connections).

Lack of authorization when creating an IB on the server

Attention! The issue of missing authorization was fixed in release 8.0.14 of the 1C:Enterprise platform. That release introduced the concept of a "1C:Enterprise Server Administrator", but until the list of administrators is specified on the server, the system behaves as described below, so do not forget about this possible feature.

Of course, the most serious consequence described in this section is the possibility of freely adding an IB to the application server, as a result of which any user who gains access to a connection to the application server automatically gains the ability to run arbitrary code on the application server. Let us look at an example.

Suppose the system is installed in the following configuration:

  • MS SQL Server 2000 (for example, on the computer SRV1)
  • 1C:Enterprise 8.0 server (computer SRV2)
  • 1C:Enterprise 8.0 client part (workstation WS)

Assume that a user (hereafter USER) working on WS has minimal access to one of the IBs registered on SRV2, but has no privileged access to SRV1 and SRV2. In general, placing these functions on separate computers does not change the situation. The system is configured according to the recommendations in the documentation and on the ITS disks. The situation is shown in Fig. 2.


  • configure COM+ security on the application server so that only 1C users have the right to connect to the application server process (see [ITS12] for details);
  • make the file srvrib.lst read-only for USER1CV8SERVER (write access is granted only when adding a new IB to the server);
  • use only the TCP/IP protocol for connecting to MS SQL, which makes it possible to:
    • separate the connections with a firewall;
    • configure the connection on a non-standard TCP port, to hinder connections from "foreign" 1C IBs;
    • use encryption of the data transferred between the application server and the SQL server;
  • configure the server firewall so that foreign MS SQL servers cannot be used;
  • use internal network security measures to prevent an unauthorized computer from appearing on the local network (IPSec, group security policies, firewalls, etc.);
  • never grant administrative rights to USER1CV8SERVER on the application server.

Execution of code on the server

In the client-server variant of 1C, the developer can distribute the executed code between the client and the application server. For code (a procedure or function) to be executed only on the server, it must be placed in a common module with the "Server" property set and, unless the module is restricted to server-only execution, wrapped in a "#If Server" section:

#If Server Then
Function OnServer(Param1, Param2 = 0) Export // this function, despite its simplicity, executes on the server
    Param1 = Param1 + 12;
    Return Param1;
EndFunction
#EndIf

When using code executed on the server, keep in mind that:

  • the code executes with the rights of USER1CV8SERVER on the application server (COM objects and server files are accessible to it);
  • all client sessions are served by one instance of the service, so, for example, a stack overflow on the server disconnects all active clients;
  • debugging server modules is difficult (for example, a breakpoint cannot be set in the debugger), but possible;
  • transferring control from the client to the application server and back can consume significant resources when a large volume of parameters is passed;
  • interactive features (forms, spreadsheet documents, dialog boxes), external reports and external data processors cannot be used in code executing on the application server;
  • the use of global variables (variables of the application module declared with "Export") is not allowed.

For details see [ITS15] and other ITS articles.

Applications executed on the server must be designed with special attention to reliability. A properly configured client-server system must satisfy the following conditions:

  • no client application may interrupt the server's operation (except in administrative cases);
  • program code cannot be executed on the server bypassing the client;
  • resources must be "fairly" distributed among client connections, ensuring server availability regardless of the current load;
  • where data locks exist, client connections must not work in exclusive (monopoly) mode;
  • there is no user interface on the server, but monitoring and logging functions are available.

In general, the 1C system is designed to satisfy these requirements as closely as possible (for example, external data processors cannot be executed on the server), but a number of undesirable features still remain, so:

Recommendation: when developing the server part of the application solution, follow the principle of a minimal interface. That is, the number of entry points into server modules from client applications should be strictly limited, and their parameters strictly regulated.

Recommendation: when receiving parameters in procedures and functions on the server, validate them (check that each parameter has the permitted type and lies within the permitted value range). Standard solutions do not do this, but in your own developments you should make the validation as thorough as possible.

Recommendation: when building query text (and even more so the parameter of the Execute command) on the server side, do not use strings received from client applications.

Our next recommendation is to become familiar with the security principles of web applications that work with databases and to follow similar principles. The similarity is real: first, like a web application, the application server is an intermediate layer between the database and the client interface (the main difference is that a web server also forms the client interface); second, from a security point of view, data received from the client cannot be trusted, because external reports and data processors may be run on it.

Passing parameters

Passing parameters to a function (procedure) executed on the server requires some care. This is primarily due to the need to transfer them between the application server and client processes. When control passes from the client side to the server side, all passed parameters are serialized, transferred to the server, then "unpacked" and used. When control returns from the server side to the client side, the process is reversed. Note that this scheme handles parameters passed by reference and by value correctly. When passing parameters, the following restrictions apply:

  • Between the client and the server (in either direction) only non-mutable values can be passed (values that cannot be changed in place): primitive types, references, universal collections, system enumeration values, value storages. An attempt to pass anything else crashes the client application (even when it is the server that attempts to pass the incorrect parameter).
  • It is not recommended to pass large volumes of data in parameters (for example, strings of over 1 million characters), as this may noticeably degrade server performance.
  • Parameters containing cyclic references must not be passed, either from the server to the client or back. An attempt to pass such a parameter crashes the client application (even when it is the server that attempts to pass the incorrect parameter).
  • It is not recommended to pass very complex (deeply nested) data collections. An attempt to pass a parameter with a very high nesting level crashes the server (!).

Attention! The most unpleasant feature at the moment is, of course, the crash on passing deeply nested collections. For example, the code:

NestingLevel = 1250;
M = New Array;
Parameter = M;
For Counter = 1 To NestingLevel Do
    MInner = New Array;
    M.Add(MInner);
    M = MInner;
EndDo;
ServerFunction(Parameter);

causes the server to crash and disconnects all clients, and this must be taken into account before putting the server into operation with your code.

Use of unsafe functions on the server side

Not all features of the built-in language can be used in code executing on the application server, but among the available tools there are a number of "problematic" constructs, which can be roughly classified as follows:

  • those that allow executing code not contained in the configuration ("Code execution" group);
  • those that give the client application information about the file and operating system of the server, or perform actions unrelated to working with data ("Rights violation");
  • those that cause the server to crash or consume excessive resources ("Server crash" group). Such cases are not always obvious; an example is passing a mutable value to the server;
  • programming errors (infinite loops, unbounded recursion, etc.) ("Programming errors").

The main kinds of the most problematic constructs (with examples) are listed below:

Procedure Execute(<String>)

Code execution. Executes a fragment of code passed to it as a string value. When used on the server, make sure that the string is not received from the client as a parameter. For example, the following use is unacceptable:

#If Server Then
Procedure OnServer(Param1) Export
    Execute(Param1);
EndProcedure
#EndIf
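A safer shape for the same entry point, as an added example that is not from the original article: the client sends only a short action name, and the only text that reaches the query engine is a server-side constant, so no client string is ever executed. The action names, the Catalog.Users and Catalog.Items metadata objects and the event-log event name are assumptions.

```bsl
#If Server Then

// Added example, not from the original article. Maps an action name to query
// text that lives entirely on the server. Unknown names return Undefined.
Function QueryTextForAction(ActionName)
    Actions = New Map;
    // Catalog.Users and Catalog.Items are placeholders for your own metadata objects
    Actions.Insert("ActiveUsers", "SELECT COUNT(*) AS Qty FROM Catalog.Users WHERE NOT DeletionMark");
    Actions.Insert("ItemCount",   "SELECT COUNT(*) AS Qty FROM Catalog.Items WHERE NOT DeletionMark");
    Return Actions.Get(ActionName);
EndFunction

// Server entry point. Only the whitelisted names above do anything; everything
// else is recorded in the event log and refused, so a client probing server
// entry points leaves a trace the administrator can see.
Function RunServerAction(ActionName) Export
    QueryText = QueryTextForAction(ActionName);
    If QueryText = Undefined Then
        WriteLogEvent("Security.ServerAction", EventLogLevel.Warning, , ,
            "Rejected action """ + String(ActionName) + """ from user " + UserName());
        Raise "Action is not permitted";
    EndIf;
    Query = New Query(QueryText);
    Selection = Query.Execute().Select();
    Selection.Next();
    Return Selection.Qty;
EndFunction

#EndIf
```

The same pattern applies wherever Execute() or query text is built on the server: the client chooses among server-defined alternatives, it never supplies the text itself.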

Type "COMObject" (constructor New COMObject(<Name>, <Server name>))

Creates a COM object of an external application with the rights of USER1CV8SERVER on the application server (or on another specified computer). When used on the server, make sure that the parameters are not passed in from client applications. Otherwise, on the server side this capability can be used effectively for import/export, processing data via the Internet, implementing non-standard functions, etc.

Function GetCOMObject(<File name>, <COM class name>)
Rights violation and code execution. Similar to the previous item, but retrieves the COM object associated with a file.
Procedures and functions ComputerName(), TempFilesDir(), BinDir(), Windows Servers()
Rights violation. When executed on the server, they reveal details of how the server subsystem is organised. When used on the server, make sure the data is not passed to the client, or at least is not accessible to users without the appropriate permissions. Pay special attention to the fact that such data can also leak in the parameters of a raised exception.
Procedures and functions for working with files (FileCopy, FindFiles, MergeFiles and many others), as well as the File type.

Rights violation. When executed on the server, they give access to local (and network) files accessible under the rights of the USER1CV8SERVER user. With deliberate use, tasks such as importing/exporting data on the server can be implemented effectively.

Before using these functions, be sure to check the rights of the 1C user. To check user rights, the following construct can be used in a server module:

#If Server Then
Procedure DoWorkWithFile() Export
    AdministratorRole = Metadata.Roles.Administrator;
    // CurrentUser is a session parameter defined by the configuration
    User = SessionParameters.CurrentUser;
    If User.Roles.Contains(AdministratorRole) Then
        // code working with files goes here
    EndIf;
EndProcedure
#EndIf

Be sure to check carefully the parameters used in these procedures and functions; otherwise you risk an unintentional error, or deliberately incorrect code, executing on the 1C application server, for example if the following ends up in server code:

Path = "C:\Documents and Settings\All Users\Application Data\1C\1Cv8\";
MoveFile(Path + "srvrib.lst", Path + "WhereFileGone");

After such code executes on the server, provided the USER1CV8SERVER user has the right to change this file (see above), and after the server process restarts (3 minutes after all users exit), starting the server at all becomes a BIG question. It is also possible to delete files outside of...
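The file-handling recommendations above combined into one server function, as an added example that is not from the original article: the 1C user's role is checked with the built-in IsInRole(), the client may supply only a bare file name, and the directories are fixed on the server, so a name such as the srvrib.lst path from the snippet above is rejected before any file operation runs. The directory paths, the role name and the event-log event name are assumptions.

```bsl
#If Server Then

// Added example, not from the original article. Moves one export file into an
// archive directory. The client never controls the directory part of the path.
Function ArchiveExportFile(FileName) Export

    ExportDir  = "D:\1C\Export\";          // placeholder, set on the server only
    ArchiveDir = "D:\1C\Export\Archive\";  // placeholder, set on the server only

    // 1. The 1C user's rights, not those of USER1CV8SERVER, decide whether this runs.
    If Not IsInRole("Administrator") Then
        Raise "Insufficient rights for file operations";
    EndIf;

    // 2. Reject anything that could escape ExportDir: path separators, parent
    //    directory references, drive letters, empty names.
    Name = TrimAll(FileName);
    If IsBlankString(Name)
        Or Find(Name, "\") > 0 Or Find(Name, "/") > 0
        Or Find(Name, "..") > 0 Or Find(Name, ":") > 0 Then
        WriteLogEvent("Security.FileAccess", EventLogLevel.Warning, , ,
            "Rejected file name """ + Name + """ from user " + UserName());
        Raise "Invalid file name";
    EndIf;

    // 3. Operate only on an existing regular file inside the fixed directory.
    Source = New File(ExportDir + Name);
    If Not Source.Exist() Or Not Source.IsFile() Then
        Raise "File not found: " + Name;
    EndIf;

    MoveFile(Source.FullName, ArchiveDir + Name);
    Return ArchiveDir + Name;

EndFunction

#EndIf
```

Logging the rejected name, rather than silently returning, is what lets an administrator notice that a client is sending unexpected paths to the server.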

Types "XBase", "BinaryData", "XMLReader", "XMLWriter", "XSLTransform", "ZipFileWriter", "ZipFileReader", "TextReader", "TextWriter"
Rights violation. When executed on the server, they give access to local (and network) files of certain types and allow reading/writing them under the rights of the USER1CV8SERVER user. With deliberate use, they allow effectively implementing tasks such as importing/exporting data on the server, logging the work of certain functions, and other administrative tasks. In general the recommendations coincide with the previous item, but additionally consider passing the content of these files (rather than objects of these types) between the client and server parts.
Type "SystemInfo"
Rights violation. If data is carelessly passed to the client part of the application, it allows obtaining data about the application server. It is advisable to restrict the right to use it.
Types "InternetConnection", "InternetMail", "InternetProxy", "HTTPConnection", "FTPConnection"

Rights violation. When used on the server, they connect from the application server to a remote computer with the rights of USER1CV8SERVER. Recommendations:

  • Control the parameters when calling methods.
  • Control the rights of the 1C user.
  • Strictly restrict the network access rights of the USER1CV8SERVER user.
  • Configure the firewall on the 1C application server correctly.

With correct use, it is convenient to organise, for example, sending e-mail from the application server.

Types "InfoBaseUsersManager", "InfoBaseUser"

Rights violation. When used incorrectly (in a privileged module), it is possible to add accounts or change the authorization parameters of other accounts.

Function Format

Server crash. Yes! This seemingly harmless function, if its parameters are not controlled and it is executed on the server, crashes the server application. The error occurs when formatting numbers with the leading-zeros display mode and a large number of digits, for example

Format(1, "ND = 999; NLZ = ");

I am sure this will be fixed in the next release of the platform, but in the meantime, check the call parameters in all calls to functions that can execute on the server.

Procedures and functions for saving values (ValueToStringInternal, ValueToFile)
Server crash. These functions do not handle cyclic references in collections or a large nesting depth, which in some special cases can lead to crashes.

Checking boundary and special values of function parameters. Execution control.

One of the problems encountered when working with the server is the high "vulnerability" of server functions (the possibility of abnormal termination of the entire server application because of an error in a single connection, and a single "resource space" shared by all connections). Hence the need to control basic parameters and execution time:

  • for built-in language functions, check the parameters of the call (for example, the "Format" function);
  • in loops, check the loop exit condition. If a loop is potentially infinite, limit the number of iterations:

    MaxIterationCounterValue = 1000000;
    IterationCounter = 1;
    While
        FunctionCannotReturnFalse()
        And (IterationCounter < MaxIterationCounterValue) Do

        //.... loop body
        IterationCounter = IterationCounter + 1;
    EndDo;
    // the counter stops exactly at the maximum, so the test must be >=
    If IterationCounter >= MaxIterationCounterValue Then
        //.... handle the abnormally long loop
    EndIf;

  • with deep recursion, limit the maximum nesting level;
  • when building and executing queries, take care not to produce too many selections and joins of data (for example, when using "IN HIERARCHY", do not use empty values);
  • when designing the infobase, provide a sufficiently large reserve of digits for numbers (otherwise addition and multiplication become non-commutative and non-associative, which complicates debugging);
  • in queries, check the logic of handling NULL values and the correct working of conditions and expressions with NULL values;
  • when using nested collections, check whether they can be passed between the server and client parts of the application.
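The restrictions listed in "Passing parameters" and the checks above, assembled into a client-side pre-flight guard, as an added example that is not from the original article. A value is walked before it is handed to the server: over-long strings, mutable configuration objects, and nesting that is too deep are reported, and a cyclic reference is caught by the same depth limit because the walk never bottoms out. The limits, the CallServerSafely wrapper and ServerFunction are assumptions, and only catalog, document, enumeration and chart-of-characteristic-types references are recognised as reference types.

```bsl
// Added example, not from the original article. Returns an empty string when
// Value may be passed to the server, otherwise a short description of the
// problem. MaxDepth and MaxStringLength are assumed limits; tune them.
Function TransferProblem(Value, MaxDepth = 50, MaxStringLength = 1000000, Depth = 0) Export

    // A cyclic reference never bottoms out, so it trips the same depth limit
    // as a collection that is simply nested too deeply.
    If Depth > MaxDepth Then
        Return "nesting deeper than " + String(MaxDepth) + " levels, or a cyclic reference";
    EndIf;

    ValueType = TypeOf(Value);

    If ValueType = Type("String") Then
        If StrLen(Value) > MaxStringLength Then
            Return "string longer than " + String(MaxStringLength) + " characters";
        EndIf;

    ElsIf ValueType = Type("Array") Then
        For Each Item In Value Do
            Problem = TransferProblem(Item, MaxDepth, MaxStringLength, Depth + 1);
            If Problem <> "" Then
                Return Problem;
            EndIf;
        EndDo;

    ElsIf ValueType = Type("Structure") Or ValueType = Type("Map") Then
        For Each KeyAndValue In Value Do
            Problem = TransferProblem(KeyAndValue.Value, MaxDepth, MaxStringLength, Depth + 1);
            If Problem <> "" Then
                Return Problem;
            EndIf;
        EndDo;

    ElsIf Metadata.FindByType(ValueType) <> Undefined Then
        // A configuration type: references may cross the boundary, but objects,
        // record sets and managers are mutable and crash the client. Only the
        // reference kinds listed here are recognised; extend for your configuration.
        If Not Catalogs.AllRefsType().ContainsType(ValueType)
            And Not Documents.AllRefsType().ContainsType(ValueType)
            And Not Enums.AllRefsType().ContainsType(ValueType)
            And Not ChartsOfCharacteristicTypes.AllRefsType().ContainsType(ValueType) Then
            Return "mutable value of type " + String(ValueType);
        EndIf;
    EndIf;

    Return "";

EndFunction

// Client-side wrapper used instead of a direct call: refuse locally rather than
// let the server crash. ServerFunction is the hypothetical server entry point
// from the nested-array example in the article.
Procedure CallServerSafely(Parameter) Export
    Problem = TransferProblem(Parameter);
    If Problem <> "" Then
        Raise "Parameter cannot be passed to the server: " + Problem;
    EndIf;
    ServerFunction(Parameter);
EndProcedure
```

Run against the 1250-level nested array from "Passing parameters", TransferProblem returns the nesting message at depth 51 instead of letting the call reach the server; on an ordinary structure of references and short strings it returns an empty string and the call proceeds.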

Using terminal access to the client part to restrict access

Terminal access is often recommended as a way to restrict access to data and to raise performance by running the client code on the terminal server. Indeed, with correct configuration of terminal access the security level of the system can be raised noticeably, but unfortunately it often happens that in practice the security of the system is reduced instead. Let us try to work out why this happens. There are two widespread ways of organising terminal access: Microsoft Terminal Services (RDP protocol) and Citrix Metaframe Server (ICA protocol). In general, Citrix offers far greater flexibility in access administration, but the price of these solutions is significant. We will consider only the main features of both protocols that can affect the basic level of security. There are three main dangers when using terminal access:
  • the ability to block the work of other users by consuming excessive resources;
  • access to other users;
  • unauthorized copying of data from the terminal server to the user's computer.

At the same time, terminal services allow:

  • improving the reliability of work (if the terminal computer fails, the user can continue work from the same place);
  • restricting access to client applications and saved files;
  • moving the computing load from the user's workstation to the terminal access server;
  • more centralised management and configuration of the system: for users, the settings remain in effect regardless of which computer they log in from;
  • in some situations, using the terminal solution for remote access to the system.

The number of simultaneous connections of one user to the terminal server must be limited

Because of the "resource hunger" of the 1C client application, it is essential to limit the maximum number of simultaneous connections of one user (operator) to the terminal server. An active connection can use up to 300 MB of memory with just one running instance of the application. Besides memory, processor time is actively used, which also lowers the stability of the users' work on the server. At the same time, by consuming excessive server resources, such a user can obstruct the work of other users. This is implemented by standard terminal server settings.

More than one or two 1C client applications must not be allowed to run simultaneously in one connection

This is dictated by the same reasons as the previous point, but is technically harder to implement. The problem is that it is practically impossible to prevent 1C from being started again by terminal server means (why is explained below), so this has to be implemented at the level of the application solution (which is also not a good solution, because "hung" sessions may remain for some time if the application terminates incorrectly; it requires further refinement of the application solution in the application module and additional processing, which complicates subsequent updates from 1C). The user must be left the ability to run 2 applications in order to run actions (for example, report generation) in the background, since the client application is, unfortunately, effectively single-threaded.

It is not recommended to give terminal server access rights to users who have the right to run resource-intensive computing tasks in 1C, or such launches should be prevented during the active working hours of other users

Of course, it is best to leave terminal server access only to users who do not perform tasks such as data mining, "geographic patterns", import/export, and other tasks that seriously load the client part of the application. If there is still a need to perform such tasks, then: inform the user that these tasks may affect the speed of other users' work, and record their start in the event log. Alternatively, allow such tasks to run only at regulated times.

Each user must be able to write only to specific directories on the terminal server, and other users must not have access to them

First, if the ability to write to shared directories (such as the directory where 1C is installed) is not restricted, an attacker retains the ability to change the behaviour of the application for all users. Second, one user's data (temporary files, saved report settings, etc.) must under no circumstances be accessible to another user of the terminal server; the rule is the same for initial user setup. Third, the attacker is deprived of the ability to "flood" the partition so that the hard drive runs out of space. I know that Windows, starting with Windows 2000, has a quota mechanism, but it is awkward to use, and I have practically never seen it used in practice.

While restricting access to files in advance is generally easy to implement (it is in fact a simple task), restricting users' access to each other's files is not trivial. First, if the quota mechanism is not used, very large files can be saved. Second, the system is built in such a way that a user can always save a file so that it is accessible to other users.

For users whose work is particularly important, it is recommended to audit most file operations.

Connection (mapping) of disk devices, printers and the clipboard of the client workstation must be prohibited

RDP and ICA allow automatic connection of the disks, printers, clipboard and COM ports of the terminal client computer to the server. While this is possible, it is practically impossible to prevent third-party code from being run on the terminal server and 1C data from being saved on the terminal access client. Allow this only to persons with administrative rights.

File access from the terminal server to the network must be restricted

If this is not done, the user can again run unwanted code or save data. Since the standard event log does not track file names (which, by the way, is a good point for the platform developers to implement), and setting up system auditing at the file level is practically impossible (it consumes too many resources to maintain), it is better that the user can send data only to the printer or by e-mail. Pay special attention to ensuring that the terminal server does not work directly with users' removable media.

In a combined system, the application server must never be left on the terminal server

When the server application runs on the same computer as client applications, there are many opportunities to disrupt its normal operation. If for some reason it is impossible to separate the functions of the terminal server and the application server, special attention must be paid to users' access to the files used by the application server.

The ability to run any program other than 1C:Enterprise on the terminal server must be disabled

This is one of the hardest points to implement. To do it, the group security policy in the domain must be configured correctly. All "Administrative Templates" and "Software Restriction Policies" must be configured properly. To check, make sure that at least the following features are blocked:

The difficulty of implementing this point often leads to the possibility of running a "foreign" 1C session on the terminal server (unlike the restriction of other programs, preventing the launch of 1C by Windows means is essentially impossible).

Be aware of the limitation of the standard event log (all users work with the application from one computer)

Obviously, when users open 1C in terminal mode, it is the terminal server itself that is recorded in the event log. The event log does not indicate which computer the user connected from.

Terminal server: protection or vulnerability?

So, having considered the main features of terminal access, we can say that terminal access can potentially help automate part of the computing work and also make the system more secure, provided it is used correctly. One of the options in which using a terminal server is most effective is running 1C without Windows Explorer in full-screen mode for users with limited functionality and a specialised interface.

Operation of the client part

Use of Internet Explorer (IE)

One of the components required for the normal operation of the client part of 1C is the set of Internet Explorer components. These components must be handled with special care.

Attention! First, if a spyware or adware module has "attached" itself to IE, it may be activated when viewing any HTML file in 1C. So far I have not encountered deliberate exploitation of this possibility, but in one organisation I did come across a "spy" module from a pornographic network being activated when 1C was running (the anti-virus software had not been updated; the symptom by which it was detected: when configuring the firewall it became clear that 1C was trying to connect to a porn site on port 80). In fact, this is one more argument that protection must be comprehensive.

Attention! Second, the 1C system allows the use of Flash movies, ActiveX objects and VBScript in displayed HTML documents, sending data to the Internet, opening PDF files (!), though at the end it does ask "open or save"... in general, everything the soul desires. An example of a not entirely reasonable use of the built-in ability to view and edit HTML:

  • Create a new HTML document (File -> New -> HTML document).
  • Go to the "Text" tab of the blank document.
  • Delete the text (entirely).
  • Go to the "View" tab of this document.
  • Using drag-and-drop, move a file with the SWF extension (Flash movie files) from an open Explorer window into the document window, for example from the browser cache, although a Flash game is more fun.
  • How nice! You can run a game right inside 1C!

From the point of view of system security, this is completely wrong. So far I have not noticed any special attacks on 1C through this vulnerability, but most likely everything comes down to time and the value of your information.

There are a few other minor points that arise when working with the HTML document field, but the main ones are the two above. If you approach these features creatively, you can organise truly remarkable interface capabilities when working with 1C.

Use of external reports and data processors

Attention! External reports and data processors are, on the one hand, a simple way to implement additional printed forms, regulated reports and specialised reports, and on the other hand, a potential way to bypass many of the system's security restrictions and to disrupt the work of the application server (see the example in "Passing parameters"). The 1C system has a special setting in the set of role rights, "Interactive opening of external data processors", but it does not remove the problem completely: for full protection, the set of users who can administer external printed forms, regulated reports and the other standard capabilities of standard solutions implemented through external data processors must be strictly limited. For example, by default in UPP all the main user roles have the ability to work with additional printed forms, and this is in essence the ability to substitute any external data processor.

Use of standard mechanisms of standard solutions and the platform (data exchange)

These standard mechanisms are potentially unsafe, and they must be watched.

Arbitrary lists

Any list (for example, a list of documents or a register of records) can be printed or saved to a file from the system. To do so it is enough to use the standard functionality available from the context menu and the "Actions" menu:

Bear in mind that everything shown in lists can end up in external files. The only thing that can be done is to keep a log of document printing on print servers. For particularly critical forms, customise the action panel associated with the protected table field so that the ability to print the list is not available from that panel, and disable the context menu (see Fig. 6).

Data exchange between branches

The data exchange format is simple and is described in the documentation. If a user is able to substitute one of the files, they can make unauthorized changes to the system (though this is rather difficult for the user). The ability to create a peripheral database when using distributed infobase exchange plans should not be available to ordinary users.

Standard XML data exchange

The standard data exchange used between standard configurations (for example, "Trade Management" and "Business Accounting") allows specifying, in the exchange rules, event handlers for loading and unloading objects. This is implemented by reading the handlers from the file and executing them with the "Execute()" procedure of the standard loading/unloading data processor (the "Execute()" procedure is run on the client side). Obviously, it is not difficult to create a fake exchange file that can cause harm. For most roles of users of standard solutions, data exchange is allowed.

Recommendation: restrict access to XML exchange for most users (allow only infobase administrators). Keep a log of the start of the exchange data processor, saving the exchange file, for example by sending it to the infobase administrator by e-mail before loading.

Use of universal reports, especially the report console

Another problem is users' default access to universal reports, especially the "Report Console" report. It is characterised by giving users practically direct access to the infobase, and unless the 1C rights system (including RLS) is configured very strictly, it lets users obtain a lot of "unnecessary" information and force the server to execute queries that take up all system resources.

Use of full-screen mode (desktop mode)

One of the effective ways to organise specialised interfaces with restricted access to application functionality is the full-screen mode of the main (and possibly only) form used by the interface. In this case there are no questions about the availability of, for example, the "File" menu, and all user functions are limited to the capabilities of the form in use. For details see "Features of implementing desktop mode" on the ITS disk.

Backup copies

A backup copy for the client-server variant of 1C can be made in two ways: unloading data to a file with the dt extension, and creating backup copies by SQL means. The first method has many shortcomings: exclusive access is required, creating a copy takes much longer, in some cases (if the infobase structure is damaged) creating the archive is impossible; but it has one advantage: the minimal size of the archive. For a SQL backup everything is the reverse: the backup copy is created in the background by the SQL server; because of its simple structure and lack of compression it is a very fast process; as long as the physical integrity of the SQL database is not damaged, the backup is created; and the size of the copy corresponds to the actual size of the infobase in expanded form (not compressed). Because of the additional advantages of the MS SQL backup system, it is more expedient to use it (3 kinds of backup are supported: full, differential, transaction log copy; regularly executed backup jobs can be created; the backup copy and the backup system deploy quickly; the required disk space can be predicted, etc.). The main points of organising backups in terms of system security are:

  • choose a location for storing backup copies such that they are not accessible to users;
  • store backup copies at a physical distance from the MS SQL server (in case of natural disaster, fire, attack, etc.);
  • the right to start a backup can be granted to a user who does not have access to the backup copies.

For more details refer to the MS SQL documentation.

Data encryption

To protect data from unauthorized access, various cryptographic features (both software and hardware) are often used, but their importance lies in the correctness of the format and the covert protection. osti system. We will look at the encryption of data at various stages of transmission and the preservation of data using various advanced features and the main features of system design using various cryptographic features.

You can see a number of main stages of information processing that can be stolen:

  • Transfer of data between the client part of the system and the add-on server
  • Data transfer between add-on server and MS SQL Server
  • Data that is saved on MS SQL Server (data files on a physical disk)
  • Encryption of data stored in IB
  • External data (one hundred percent IB)

For data that is saved on the client side and on the add-on server (savings for setting up servers, a list of IB, etc.), encryption is only correct in just a few instances and that is not discussed here. With the use of cryptographic features, one must not forget that their use can significantly reduce the productivity of the system.

General information on cryptographic protection of network connections over TCP/IP.

Without protection, every network connection is open to unauthorized monitoring. For protection, data can be encrypted at the level of the network protocol itself. To encrypt data transmitted within a local network, IPSec, which is provided by the operating system, is used most often.

IPSec encrypts transmitted data with the DES and 3DES algorithms and checks its integrity with the MD5 or SHA1 hash functions (note that DES and MD5 are considered weak today; where the operating system offers stronger algorithms, prefer them). IPSec can work in two modes: transport mode and tunnel mode. Transport mode is better suited to protecting connections within a local network. Tunnel mode can be used to organize a VPN connection between separate network segments, or to protect a remote connection to a local network over public data channels.

The main advantages of this approach are:

  • Security can be managed centrally by means of Active Directory.
  • Unauthorized connections to the application server and to the MS SQL server can be blocked (for example, this protects against unauthorized access to infobases on the application server).
  • "Sniffing" of traffic is prevented.
  • No changes are needed in the application programs (in 1C).
  • It is a standard solution.

However, this approach has limitations and shortcomings:

  • IPSec does not protect data from being intercepted or read directly on the computer that sends or receives it.
  • The amount of data transmitted over the network is somewhat larger than without IPSec.
  • With IPSec enabled, the load on the central processor is higher.

A detailed description of the various IPSec settings is beyond the scope of this article and requires an understanding of the basic principles of the IP protocol. To configure connection protection correctly, read the corresponding documentation.

Several aspects of 1C licensing should be kept in mind when organizing a VPN connection. The point is that, regardless of the number of technical connections, linking several segments of a local network, or remote access of a single computer to the local network, requires holding several basic delivery kits.

Encryption of data transmitted between the client part of the system and the application server.

Besides encryption at the level of the network protocol, data can be encrypted at the level of the COM+ protocol, as described in the ITS article "Regulating client access to the infobase in the client-server version". To do this, set the authentication level for calls to "Packet Privacy" for the 1CV8 application in "Component Services". In this mode each packet is authenticated and encrypted, data included, and the sender is authenticated and the packet signed as well.

Encryption of data transmitted between the application server and MS SQL Server

MS SQL Server offers the following means of encrypting data:

  • Secure Sockets Layer (SSL) can be used when transferring data between the application server and MS SQL Server.
  • When the Multiprotocol Net-Library is used, data is encrypted by means of RPC. This is potentially weaker encryption than SSL.
  • If the Shared Memory protocol is used (that is, the application server and MS SQL Server are installed on the same computer), no encryption is applied in any case.

To require encryption of all data sent to the MS SQL server, use the "Server Network Utility". Run it and, on the "General" tab, set the "Force protocol encryption" option. The encryption method is chosen according to the settings of the client application (the 1C application server). To use SSL, the certificate service of the network must be configured correctly.

To require encryption of all data sent from the application server, use the "Client Network Utility" (C:\WINNT\system32\cliconfg.exe). As in the previous case, set the "Force protocol encryption" option on the "General" tab.

Keep in mind that encryption in this case can noticeably affect system performance, especially for queries that transfer large amounts of information.

To further protect the connection between the application server and MS SQL Server over TCP/IP, several configuration changes can be recommended; they are described below.

First, a port different from the standard one can be set (port 1433 is used by default). If you decide to use a non-standard TCP port for data exchange, note the following:

  • The MS SQL server and the application server must use the same port.
  • If firewalls are installed, this port must be allowed through them.
  • Do not set a port that may be used by other programs on the MS SQL server. To check this, see http://www.ise.edu/in-notes/iana/assignments/port-numbers (the address is taken from SQL Server Books Online).
  • If several instances of the MS SQL Server service are running, read the MS SQL documentation (section "Configuring Network Connections") to configure them.

Second, in the TCP/IP protocol settings on the MS SQL server the "Hide server" option can be set, which stops this instance of the MS SQL Server service from answering broadcast requests.

Encryption of MS SQL data stored on disk

There is a wide choice of software and hardware means for encrypting data stored on a local disk (the built-in Windows EFS encryption, encryption with the key kept on an eToken, and third-party encryption programs such as Jetico BestCrypt or PGPDisk). One of the main tasks these means solve is protecting data if it is lost (for example, if the server is stolen). Note that Microsoft does not recommend storing MS SQL databases on encrypted media, and with good reason. The main problem is the drop in performance and possible reliability problems in case of failures. Another factor that complicates the system administrator's life is the need to make all database files available at the moment the MS SQL service first accesses them (it is desirable that attaching an encrypted device does not require interactive actions).

To avoid a significant loss of performance, you can use the ability of MS SQL to create a database from several files. In this case, of course, the MS SQL database must not be created by the 1C server when the infobase is created; it must be created separately. An example T-SQL script with comments is given below:

USE master
GO
-- Create the database SomeData.
CREATE DATABASE SomeData
-- All data is stored in the PRIMARY filegroup.
ON PRIMARY
-- The primary data file is placed on the encrypted drive (logical drive E:).
-- Initial size 100 MB; it may grow automatically up to 200 MB
-- in 20 MB steps.
(NAME = SomeData1,
 FILENAME = 'E:\SomeData1.mdf',
 SIZE = 100MB,
 MAXSIZE = 200MB,
 FILEGROWTH = 20MB),
-- The second data file is placed on an unencrypted drive (logical drive C:).
-- Initial size 100 MB; it may grow automatically up to the limit of the free
-- disk space, by 5% of the current file size at a time (rounded up to 64 KB).
(NAME = SomeData2,
 FILENAME = 'c:\program files\microsoft sql server\mssql\data\SomeData2.ndf',
 SIZE = 100MB,
 MAXSIZE = UNLIMITED,
 FILEGROWTH = 5%)
LOG ON
-- The transaction log could also be split into parts, but there is no need:
-- this file changes constantly and is truncated regularly (for example,
-- when a backup of the database is made).
(NAME = SomeDatalog,
 FILENAME = 'c:\program files\microsoft sql server\mssql\data\SomeData.ldf',
 SIZE = 10MB,
 MAXSIZE = UNLIMITED,
 FILEGROWTH = 10MB)
GO
-- It is better to hand the database over at once to the login that 1C
-- will connect with. To do so, make the new database the current one...
USE SomeData
GO
-- ...and run the sp_changedbowner procedure.
EXEC sp_changedbowner @loginame = 'SomeData_dbowner'
GO

A few words about automatic growth of data files. By default, when a database is created, files grow by 10% of their current size. This is a perfectly good choice for small databases, but not for large ones: with a database of, say, 20 GB the file can grow by 2 GB at once. Although this happens rarely, it can take tens of seconds (during which all other transactions are effectively idle), and during active work with the database it can cause failures. Another negative consequence of proportional growth, which shows itself when disk space is short, is the likelihood of a premature failure from lack of free space. For example, if a 40 GB partition holds all the data of one database (more precisely, a single file of the whole database), then the critical file size at which it becomes necessary (urgently, even at the cost of stopping users' normal work) to reorganize storage is 35 GB. With a fixed growth step of 10-20 MB, the file can be allowed to reach 39 GB.

Therefore, although the listing above sets 5% growth for one of the database files, for large databases it is better to set the growth of each file to 10-20 MB. When setting the growth of database files, keep in mind the rule that applies until one of the files in a filegroup reaches its maximum size: the files of one filegroup grow together, only when all of them are completely full. Thus, when the SomeData1.mdf file reaches its maximum size of 200 MB, the SomeData2.ndf file will be roughly 1.1 GB in size.

With a database created this way, if the unprotected files SomeData2.ndf and SomeData.ldf fall into an attacker's hands, it is very hard to restore the database from them: the data (including information about the internal structure of the database) is spread over several files, and the key information (for example, which files make up the database) is stored in the encrypted file. Bear in mind, though, that the unencrypted files still contain readable data pages, so this is a trade-off between performance and protection, not full encryption of the database.

Naturally, if the database files are stored with cryptographic means, the backup (of all the files) must not be made to unencrypted devices. To back up several database files, use the ordinary syntax of the "BACKUP DATABASE" command. Note that although the backup can be protected with a password (the "PASSWORD=" and "MEDIAPASSWORD=" options of "BACKUP DATABASE"), such a backup is not encrypted!

Encryption of application server and client data stored on disk

In most cases it is not justified to keep the files used by 1C:Enterprise (client part and application server) on an encrypted device, because the cost of protection is unreasonably high. It must be kept in mind, however, that the application server and the client part of the program create temporary files quite often. These files frequently remain after the program finishes, and it is practically impossible to guarantee their deletion by means of 1C. Therefore you must either encrypt the directory used for 1C temporary files, or keep them off the disk with a RAM drive (the latter is not always possible because of the size of the files being created).

Data encryption by means of 1C.

The standard encryption capabilities of 1C come down to the objects for working with Zip files, which accept encryption parameters. The available encryption modes are the AES algorithm with a 128, 192 or 256-bit key and the legacy algorithm originally used by the Zip archiver. Zip files encrypted with AES cannot be read by all archivers (WinRAR, 7zip). To create a file with encrypted data, a password and an encryption algorithm must be specified. The simplest example of encryption and decryption functions based on this capability is shown below:

Function EncryptData(Data, Password, EncryptionMethod = Undefined) Export

	// Write the data to a temporary file. In fact, not every kind of data can be saved this way.
	TempFileName = GetTempFileName();
	ValueToFile(TempFileName, Data);

	// Put the temporary file into an encrypted archive
	TempArchiveFileName = GetTempFileName("zip");
	Zip = New ZipFileWriter(TempArchiveFileName, Password, EncryptionMethod);
	Zip.Add(TempFileName);
	Zip.Write();

	// Read the resulting archive into memory
	EncryptedData = New ValueStorage(New BinaryData(TempArchiveFileName));

	// Delete the temporary files
	DeleteFiles(TempArchiveFileName);
	DeleteFiles(TempFileName);

	Return EncryptedData;

EndFunction

Function DecryptData(EncryptedData, Password) Export

	// Attention! The parameters passed in are not validated

	// Write the value storage to a file
	TempArchiveFileName = GetTempFileName("zip");
	ArchiveBinaryData = EncryptedData.Get();
	ArchiveBinaryData.Write(TempArchiveFileName);

	// Extract the first file of the archive just written
	TempFileName = GetTempFileName();
	Zip = New ZipFileReader(TempArchiveFileName, Password);
	Zip.Extract(Zip.Items, TempFileName, ZIPRestoreFilePathsMode.DontRestore);

	// Read the data from the file
	Data = ValueFromFile(TempFileName + "\" + Zip.Items[0].Name);

	// Delete the temporary files
	DeleteFiles(TempFileName);
	DeleteFiles(TempArchiveFileName);

	Return Data;

EndFunction

Of course, this method cannot be called ideal: the data is written to the temporary folder in the clear, its performance is, frankly, worse than anything, and storing the result in the database needs a great deal of space; but it is the only method based entirely on the platform's built-in mechanisms. It also has one advantage over many other methods: it compresses the data at the same time as encrypting it. If you need encryption without these shortcomings, you must either implement it in an external component or call other libraries through COM objects, for example Microsoft CryptoAPI. As an example, consider functions that encrypt and decrypt a string with a given password.

Function EncryptStringDES(PlainString, Password)

	CAPICOM_ENCRYPTION_ALGORITHM_DES = 2; // This constant comes from CryptoAPI (CAPICOM)

	Cipher = New COMObject("CAPICOM.EncryptedData");
	Cipher.SetSecret(Password);
	Cipher.Content = PlainString;
	Cipher.Algorithm.Name = CAPICOM_ENCRYPTION_ALGORITHM_DES;
	EncryptedString = Cipher.Encrypt();

	Return EncryptedString;

EndFunction // EncryptStringDES()

Function DecryptStringDES(EncryptedString, Password)

	// Attention! The parameters are not validated!

	Cipher = New COMObject("CAPICOM.EncryptedData");
	Cipher.SetSecret(Password);
	Try
		Cipher.Decrypt(EncryptedString);
	Except
		// Wrong password!
		Return Undefined;
	EndTry;

	Return Cipher.Content;

EndFunction // DecryptStringDES()

Note that passing an empty value as the string or as the password to these functions does not raise an error. After such an encryption procedure the string naturally becomes longer than the original. A peculiarity of this encryption is that if the same string is encrypted twice, the two results will NOT be identical. Two caveats: DES uses a 56-bit key, which, as the next section notes, is within reach of a large organization, so 3DES (CAPICOM_ENCRYPTION_ALGORITHM_3DES = 3) or, in CAPICOM 2.0 and later, AES (CAPICOM_ENCRYPTION_ALGORITHM_AES = 4) should be preferred; and SetSecret derives the key from the password, so the effective strength is bounded by the password, not by the algorithm.

The main mistakes made when using cryptographic means.

When cryptographic means are used, the following mistakes are made most often:

Underestimating the loss of performance from using cryptography.

Cryptography is a computationally intensive task (especially algorithms such as DES, 3DES, GOST and PGP). Even choosing fast, optimized algorithms (RC5, RC6, AES) does not remove the overhead of moving data between memory and the processor. And this can negate the capabilities of many server components (RAID arrays, network adapters). When hardware encryption or hardware storage of the encryption key is used, there is one more potential bottleneck: the transfer speed between the add-on device and memory (and the performance of such a device may not play a decisive role). When small amounts of data are encrypted (for example, mail messages), the increase in system load is not very noticeable, but total encryption of everything can seriously affect the performance of the system as a whole.

Underestimating current capabilities when choosing passwords and keys.

At present the state of technology is such that a 40-48 bit key can be brute-forced by a small organization, and a 56-64 bit key by a large one. That is, algorithms with a key of at least 96 or 128 bits should be used. But most keys are generated by hash algorithms (SHA-1 and others) from a password entered by the user. In that case even a 1024-bit key will hardly help. First, the password used is very often easy to guess. Factors that make guessing easier are: using letters of one case only; using words, names and expressions in passwords; using known dates, birthdays and so on; following a "pattern" when generating passwords (for example, 3 letters, then 2 digits, then 3 letters for the whole organization). A good password must be a meaningless sequence of upper- and lowercase letters, digits and punctuation characters. A password typed on the keyboard that is 7-8 characters long, even if these rules are followed, can be guessed in a reasonable time, so a password should be at least 11-13 characters long. The ideal solution is not to generate the key from a password at all, for example by using smart cards, but then protection against loss of the encryption key must be provided.

Insecure storage of keys and passwords.

Typical examples of this mistake are:

  • long and complex passwords written on stickers stuck to the user's monitor.
  • keeping all passwords in a file that is not protected (or is protected much more weakly than the system itself).
  • keeping electronic keys in a public place.
  • frequent handing of electronic keys from one employee to another.

What is the point of a secure door if the key lies under the doormat?

Keeping encrypted data in an insecure environment.

When organizing a security system, make sure that it fulfils its purpose. For example, I have seen a situation (not related to 1C) where the original unencrypted file was placed openly in a temporary folder, from which it could be read freely. Often, backup copies of encrypted data are kept unencrypted "next to" the data itself.

Using cryptographic means for other than their purpose.

If the transmitted data is encrypted, this does not prevent access to the data at its endpoints. For example, IPSec in no way prevents "listening" to the traffic at the application level on the server side.

Thus, to avoid mistakes when implementing cryptographic systems, before deployment do (at a minimum) the following:

  • Determine:
    • What needs to be protected?
    • Which method of protection should be used?
    • For which parts of the system is security required?
    • Who will manage access?
    • Will encryption work on all the required parts?
  • Determine where information is stored, how it is sent over the network, and from which computers access to this information is allowed. This can yield data on the speed, capacity and reliability required of the system, which is useful for optimizing the approach.
  • Assess the exposure of the system to various kinds of attack.
  • Prepare and document the system security plan.
  • Assess the economic efficiency (justification) of the system.

Conclusion

Of course, one article cannot cover all the aspects of security in 1C, but some preliminary conclusions can be drawn. This platform cannot be called ideal; like many others, it has its own problems in organizing a protected system. That does not mean these problems cannot be worked around; on the contrary, almost all the shortcomings can be removed by correct development, deployment and administration of the system. Most problems arise from insufficient elaboration of a specific application solution and of the environment it runs in. For example, typical solutions without significant changes simply do not assume a well-protected system.

This article demonstrates once again that any set of security measures must cover all stages of implementation: development, deployment, system administration and, necessarily, organizational measures. In information systems it is the "human factor" (users included) that is the main threat to security. This set of measures must be reasonable and balanced: there is no sense, and hardly enough money will be allocated, in organizing protection that costs more than the data itself.


The stack, in this context, is the last in, first out buffer you place data into while your program runs. Last in, first out (LIFO) means that the last thing you put in is the first thing you get out: if you push two items onto the stack, "A" and then "B", the first thing you pop off the stack will be "B", and the next thing will be "A".

When you call a function in your code, the address of the next instruction after the call is pushed onto the stack, along with any memory that may be overwritten by the call. The called function can use more stack space for its local variables. When it is done, it frees the local variable space it used and then returns to the previous function.

Stack overflow

A stack overflow is when you have used more memory for the stack than your program was supposed to use. In embedded systems you might only have 256 bytes for the stack, and if each function takes up 32 bytes then you can only have function calls 8 deep: function 1 calls function 2 which calls function 3 which calls function 4 ... which calls function 8, which calls function 9, and function 9 overwrites memory outside the stack. This might overwrite data, code, and so on.

Many programmers make this mistake by calling function A, which then calls function B, which then calls function C, which then calls function A. It may work most of the time, but just once the wrong input will cause it to go round that circle forever, until the computer recognizes that the stack has been overrun.

Recursive functions are also a cause of this: if you are writing recursively (so that your function calls itself), then you need to be aware of it and use static/global variables to prevent infinite recursion.

Generally, the OS and the programming language you use manage the stack, and it is out of your hands. You should look at your call graph (a tree structure that shows, starting from your main, what each function calls) to see how deep your function calls go, and to detect unintended cycles and recursion. Intentional cycles and recursion need to be checked artificially so that they error out if they call each other too many times.

Beyond good programming practices and static and dynamic testing, there is not much you can do on these high-level systems.

Embedded systems

In the embedded world, especially in high-reliability code (automotive, aircraft, space), you do extensive code reviews and checking, but you also do the following:

  • Disallow recursion and cycles, enforced by policy and testing
  • Keep the code and the stack far apart (the code is in flash memory, the stack is in RAM, and never the twain shall meet)
  • Place guard bands around the stack: an empty area of memory that you fill with a magic number (usually a software interrupt instruction, but there are many options here), and hundreds or thousands of times a second you look at the guard bands to make sure they have not been written to
  • Use memory protection (no execution on the stack, no reads or writes just outside the stack)
  • Interrupts do not call secondary functions: they set flags, copy data, and let the application take care of processing it (otherwise you might get 8 deep in your function call tree, take an interrupt, and then go out another few functions inside the interrupt, causing the blowout). You have several call trees, one for the main process and one for each interrupt. If your interrupts can interrupt each other... well, there be dragons...
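The guard band from the third item above, as an added example in C that is not from the original text: a simulated controller RAM (an assumption, the stack being an ordinary static array so the example runs on a host) with a "dry" region painted with a magic value below the stack, a frame push that, like real hardware, has no bounds check, and the periodic check that counts guard words still holding the magic. The names (`simulate_call_chain`, `stack_high_water_words`) and the sizes are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simulated RAM of a small controller. Assumption: the stack is an ordinary
 * static array so the example runs on a host; on a real MCU the guard band
 * sits at the lowest addresses of the region the stack grows down into. */
#define GUARD_WORDS  16u          /* size of the dry guard band              */
#define STACK_WORDS  64u          /* usable stack, grows downward            */
#define GUARD_MAGIC  0xDEADBEEFu  /* value every guard word must keep        */
#define STACK_FILL   0xA5A5A5A5u  /* value of stack words never written yet  */

static uint32_t ram[GUARD_WORDS + STACK_WORDS];
static uint32_t *const guard     = ram;                             /* guard band        */
static uint32_t *const stack_lo  = ram + GUARD_WORDS;               /* lowest stack word */
static uint32_t *const stack_top = ram + GUARD_WORDS + STACK_WORDS; /* one past the top  */
static uint32_t *sp;                                                /* stack pointer     */

/* Boot-time initialisation: paint the guard band and the stack, point sp at the top. */
void stack_init(void)
{
    for (size_t i = 0; i < GUARD_WORDS; i++) guard[i] = GUARD_MAGIC;
    for (size_t i = 0; i < STACK_WORDS; i++) stack_lo[i] = STACK_FILL;
    sp = stack_top;
}

/* Enter a function whose frame takes `words` words. As on real hardware there is
 * no bounds check: a call chain that is too deep simply writes into the guard
 * band. Writes stop at the start of `ram` only so the host program stays defined. */
void push_frame(size_t words, uint32_t tag)
{
    while (words-- > 0 && sp > ram) {
        --sp;
        *sp = tag;
    }
}

/* Leave a function: the frame is released but its contents are left behind. */
void pop_frame(size_t words)
{
    sp += words;
    if (sp > stack_top) sp = stack_top;
}

/* The periodic check a timer interrupt would run: count guard words that still
 * hold the magic. Anything below GUARD_WORDS means the stack overflowed at some
 * point since boot, even if the call chain has since unwound. */
size_t guard_intact_words(void)
{
    size_t ok = 0;
    for (size_t i = 0; i < GUARD_WORDS; i++)
        if (guard[i] == GUARD_MAGIC) ok++;
    return ok;
}

int stack_overflowed(void)
{
    return guard_intact_words() != GUARD_WORDS;
}

/* High-water mark in words: scan up from the bottom of the stack for the first
 * word that lost the fill pattern. Useful for sizing the stack before a release. */
size_t stack_high_water_words(void)
{
    for (size_t i = 0; i < STACK_WORDS; i++)
        if (stack_lo[i] != STACK_FILL) return STACK_WORDS - i;
    return 0;
}

/* Run a call chain `depth` frames deep, `frame_words` per frame, unwind it,
 * and report whether the guard band caught an overflow (1) or not (0). */
int simulate_call_chain(size_t depth, size_t frame_words)
{
    stack_init();
    for (size_t d = 0; d < depth; d++) push_frame(frame_words, 0x1000u + (uint32_t)d);
    for (size_t d = 0; d < depth; d++) pop_frame(frame_words);
    return stack_overflowed();
}

int main(void)
{
    int ovf = simulate_call_chain(3, 8);
    printf("3 frames x 8 words:  overflow=%d, high water=%zu words\n", ovf, stack_high_water_words());
    ovf = simulate_call_chain(12, 8);
    printf("12 frames x 8 words: overflow=%d, guard intact=%zu/%u\n", ovf, guard_intact_words(), GUARD_WORDS);
    return 0;
}
```

Two things the simulation makes visible: the check still reports the overflow after the deep chain has returned, because the guard words stay corrupted, which is why firmware polls the band rather than checking the stack pointer at one moment; and the fill pattern gives a high-water mark, so the stack can be sized from measurement instead of guesswork.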

High-level languages and systems

For high-level languages running on operating systems:

  • Reduce your local variable storage (local variables are stored on the stack), although compilers are fairly smart about this and will sometimes put big chunks on the heap if your call tree is shallow.
  • Avoid or strictly limit recursion.
  • Do not break your program up into ever smaller functions: even without counting local variables, each function call can consume as much as 64 bytes of stack (32-bit processor, saving half the CPU registers, flags and so on).
  • Keep your call tree shallow (similar to the point above).

Web servers

It depends on the "sandbox" you have whether you can control or even see the stack. Chances are you can treat web servers like any other high-level language and operating system: it is largely out of your hands, but check the language and the server stack you are using. It is possible to blow the stack on your SQL server, for instance.

The program stack is a special memory region organized on the LIFO (last in, first out) principle. The name "stack" comes from the analogy with a stack of plates: you can put plates one on top of another (the method of adding to the stack, "push"), and then take them off starting from the top (the method of taking from the stack, "pop"). The program stack is also called the call stack or the machine stack (not to be confused with the abstract data structure "stack").

What is the stack for? It allows subprogram calls to be organized conveniently. When called, a function receives certain arguments; it also has to store its local variables somewhere. Besides, one function can call another, which also needs to be passed parameters and to store its own variables. With the stack, passing parameters is a matter of pushing them, and the called function can pop them off. Local variables can be kept there too: at the start of its code the function allocates part of the stack memory, and when it returns control it clears and frees it. Programmers in high-level languages do not think about such things; the compiler generates all the necessary routine code for them.

The consequences of the error

Now we come to the problem. In the abstract, a stack is an infinite structure to which new elements can be added endlessly. Unfortunately, in our world everything is finite, and the stack memory is no exception. What happens when a function's arguments are pushed past its end? Or when a function allocates memory for its variables there?

An error called stack overflow occurs. Since the stack is needed to organize calls of user functions (and practically all programs in modern languages, including object-oriented ones, are built one way or another from functions), it can no longer be called. So the operating system intervenes and terminates the program. Here the difference between a buffer overflow and a stack overflow can be emphasized: in the first case the error occurs on access to the wrong memory area, and if there is no protection at that stage it shows itself in no way at that moment; the program can continue to work normally. Only if the overwritten memory was protected does a crash occur. In the case of a stack overflow the program terminates unconditionally.

To be precise, this description is correct only for compilers that produce "native" code. A virtual machine has its own stack for the program, which is much easier to watch, and can even afford to throw the program an exception on overflow. The C and C++ languages cannot afford such "luxuries".

Causes of the error

What can lead to such an unpleasant situation? Given the mechanism described, one option is too deep nesting of function calls. This is especially likely when recursion is used. Infinite recursion (without a mechanism for "stopping" the computation) is interrupted this way, unlike an infinite loop, which can sometimes be useful. However, with a small amount of memory allocated for the stack (typical of microcontrollers, for example), even a simple sequence of calls may be enough.

Another option is local variables that need a lot of memory. Declaring a local array of a million elements, or a million local variables (anything can happen), is not the best idea. Even a single call of such a "greedy" function can easily cause a stack overflow. For large amounts of data it is better to use dynamic memory, which allows an allocation failure to be handled.

However, dynamic memory is rather slow to allocate and free (because the operating system manages it), and with direct access it has to be allocated and freed by hand. Memory on the stack is allocated very quickly (in fact, only the value of one register has to change); in addition, objects allocated on the stack have their destructors called automatically when the function returns and the stack is cleared. Naturally, there is a temptation to allocate memory on the stack. So the third road to overflow is allocation of stack memory by the programmer. The C library provides the alloca function especially for this. Note that while the dynamic memory function malloc has its "twin" free, alloca has none: the memory is freed automatically when the function returns control. Perhaps this only complicates things: the memory cannot be freed before the function exits. Despite the man page saying that "the alloca function is machine- and compiler-dependent; on many systems its implementation is problematic and has many bugs; its use is very frivolous and is not recommended", it is still used.

Examples

As an example, let us look at the code for recursive file search from MSDN:

void DirSearch(String* sDir)
{
    try
    {
        // Find the subfolders in the folder that is passed in.
        String* d[] = Directory::GetDirectories(sDir);
        int numDirs = d->get_Length();
        for (int i = 0; i < numDirs; i++)
        {
            // Find all the files in the subfolder.
            String* f[] = Directory::GetFiles(d[i], textBox1->Text);
            int numFiles = f->get_Length();
            for (int j = 0; j < numFiles; j++)
            {
                listBox1->Items->Add(f[j]);
            }
            // Recurse into the subfolder: one call frame per level of nesting.
            DirSearch(d[i]);
        }
    }
    catch (System::Exception* e)
    {
        MessageBox::Show(e->Message);
    }
}

This function gets the list of entries in the given directory and then calls itself for those entries that turn out to be directories. Obviously, on a sufficiently deep file-system tree we get the natural result.
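To make the point about recursion depth concrete, here is an added example (not code from the article or from MSDN) that walks a constructed directory-like tree in two ways: a recursive walk that carries an explicit depth guard, so that an overly deep tree produces an error instead of a crash, and an iterative walk that keeps pending nodes in a heap-allocated work stack, so that tree depth costs heap memory rather than call frames. The tree shape, the node type and the depth limit are all assumptions of the example.

```c
#include <stdio.h>
#include <stdlib.h>

/* A minimal directory-like tree: each node points to its first child and its next sibling.
 * This stands in for the file-system tree walked by DirSearch (constructed sample data). */
typedef struct node {
    struct node *child;
    struct node *sibling;
} node_t;

/* Recursive walk with an explicit depth guard. Each level of the tree costs one call frame,
 * so instead of letting a deep tree run into the stack limit we refuse past max_depth.
 * Returns the number of nodes, or -1 if the guard tripped. */
static long count_recursive(const node_t *n, int depth, int max_depth) {
    if (depth > max_depth) return -1;
    long total = 0;
    for (; n != NULL; n = n->sibling) {
        long sub = count_recursive(n->child, depth + 1, max_depth);
        if (sub < 0) return -1;
        total += 1 + sub;
    }
    return total;
}

/* Iterative walk: pending nodes are kept in a heap-allocated work stack that grows on demand,
 * so a deep tree costs heap memory (which can fail gracefully) rather than call frames.
 * Returns the number of nodes, or -1 on allocation failure. */
static long count_iterative(const node_t *root) {
    size_t cap = 64, len = 0;
    const node_t **work = malloc(cap * sizeof *work);
    if (work == NULL) return -1;
    long total = 0;
    if (root != NULL) work[len++] = root;
    while (len > 0) {
        const node_t *n = work[--len];
        total++;
        const node_t *next[2] = { n->sibling, n->child };
        for (int i = 0; i < 2; i++) {
            if (next[i] == NULL) continue;
            if (len == cap) {
                const node_t **grown = realloc(work, cap * 2 * sizeof *work);
                if (grown == NULL) { free(work); return -1; }
                work = grown;
                cap *= 2;
            }
            work[len++] = next[i];
        }
    }
    free(work);
    return total;
}

/* Build a degenerate tree: a single chain of `depth` nodes, each the only child of the one
 * above it. Constructed test data for the worst case of very deep nesting. */
static node_t *make_chain(long depth) {
    node_t *root = NULL;
    for (long i = 0; i < depth; i++) {
        node_t *n = calloc(1, sizeof *n);
        if (n == NULL) break;   /* return the partial chain so it can still be freed */
        n->child = root;
        root = n;
    }
    return root;
}

/* Free a chain built by make_chain, iteratively for the same reason as count_iterative. */
static void free_chain(node_t *n) {
    while (n != NULL) {
        node_t *next = n->child;
        free(n);
        n = next;
    }
}

/* Convenience wrappers: build a chain of the given depth, count it, free it. */
static long chain_count_iterative(long depth) {
    node_t *c = make_chain(depth);
    long r = count_iterative(c);
    free_chain(c);
    return r;
}

static long chain_count_recursive(long depth, int max_depth) {
    node_t *c = make_chain(depth);
    long r = count_recursive(c, 0, max_depth);
    free_chain(c);
    return r;
}

int main(void) {
    printf("iterative, depth 1000000: %ld\n", chain_count_iterative(1000000));
    printf("recursive, depth 500, guard 1000: %ld\n", chain_count_recursive(500, 1000));
    printf("recursive, depth 1000000, guard 1000: %ld\n", chain_count_recursive(1000000, 1000));
    return 0;
}
```

The guard value is a policy decision: it should be set from the frame size of the recursive function and the stack size the program is actually given, not guessed, and the iterative form avoids the question entirely.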

An example of the second kind, taken from the question "Why does the stack overflow?" on a site called Stack Overflow (the site holds a collection of questions and answers on all sorts of programming topics, not only stack overflow, as one might think):

#define W 1000
#define H 1000
#define MAX 100000
//...
int main()
{
    int image[W*H];      // a million ints on the stack
    float dtr[W*H];      // a million floats on the stack
    initImg(image, dtr);
    return 0;
}

Obviously, the main function allocates memory on the stack for arrays of int and float with a million elements each, which together comes to a little less than 8 megabytes. If you bear in mind that Visual C++ reserves 1 megabyte for the stack by default, the conclusion is obvious.

And here is one taken from the GitHub repository of the Lightspark Flash player project:

DefineSoundTag::DefineSoundTag(/* ... */)
{
    // ...
    unsigned int soundDataLength = h.getLength()-7;
    unsigned char *tmp = (unsigned char *)alloca(soundDataLength);
    // ...
}

One can be sure that h.getLength()-7 will never be so large a number that the next line overflows the stack. But is the time saved on memory allocation worth the "potential" crash of the program?
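The two risks raised above, large data in a stack frame and an alloca whose size comes from the input, can be handled by the same pattern. The following added example is not Lightspark's code and does not use its classes: the tag is modelled as a plain byte buffer with a known total length, the 7-byte header offset is the one in the snippet, and the 4096-byte stack cap and the additive checksum standing in for decoding are assumptions of the example. It rejects a tag shorter than its header (otherwise `tag_len - 7` wraps around to a huge unsigned value), copies small payloads into a fixed stack buffer, and sends anything larger to the heap, where an allocation failure can be reported instead of crashing.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SOUND_HEADER_LEN 7      /* bytes preceding the sample data, as in the Lightspark snippet */
#define STACK_BUFFER_MAX 4096   /* assumed cap on what we are willing to hold in a stack frame */

enum { SND_OK = 0, SND_ERR_SHORT = -1, SND_ERR_NOMEM = -2 };

/* Hypothetical replacement for the alloca() call. Small payloads are copied into a fixed
 * stack buffer, large ones into heap memory, and a tag shorter than its header is rejected
 * instead of computing a wrapped size. The "decoding" is a placeholder additive checksum
 * so the result can be checked. */
static int process_sound_tag(const unsigned char *tag, size_t tag_len,
                             uint32_t *checksum_out, int *used_heap_out) {
    unsigned char stack_buf[STACK_BUFFER_MAX];
    unsigned char *buf = stack_buf;
    int used_heap = 0;

    /* Without this check, tag_len - 7 on a short tag wraps around to a huge unsigned size. */
    if (tag == NULL || tag_len < SOUND_HEADER_LEN) return SND_ERR_SHORT;
    size_t data_len = tag_len - SOUND_HEADER_LEN;

    /* Only a bounded amount goes on the stack; anything bigger comes from the heap,
     * where failure is a return code rather than a crash. */
    if (data_len > STACK_BUFFER_MAX) {
        buf = malloc(data_len);
        if (buf == NULL) return SND_ERR_NOMEM;
        used_heap = 1;
    }
    memcpy(buf, tag + SOUND_HEADER_LEN, data_len);

    uint32_t sum = 0;
    for (size_t i = 0; i < data_len; i++) sum += buf[i];

    if (used_heap) free(buf);
    if (checksum_out) *checksum_out = sum;
    if (used_heap_out) *used_heap_out = used_heap;
    return SND_OK;
}

/* Constructed sample tag: a zeroed 7-byte header followed by data_len bytes of `fill`. Caller frees. */
static unsigned char *make_tag(size_t data_len, unsigned char fill) {
    unsigned char *tag = malloc(SOUND_HEADER_LEN + data_len);
    if (tag == NULL) return NULL;
    memset(tag, 0, SOUND_HEADER_LEN);
    memset(tag + SOUND_HEADER_LEN, fill, data_len);
    return tag;
}

/* Build a tag with the given payload, process it, report checksum and which buffer was used. */
static int run_case(size_t data_len, unsigned char fill, uint32_t *checksum_out, int *used_heap_out) {
    unsigned char *tag = make_tag(data_len, fill);
    if (tag == NULL) return SND_ERR_NOMEM;
    int rc = process_sound_tag(tag, SOUND_HEADER_LEN + data_len, checksum_out, used_heap_out);
    free(tag);
    return rc;
}

/* A tag of only `len` bytes (len < SOUND_HEADER_LEN): must be rejected, never allocated for. */
static int run_short_case(size_t len) {
    unsigned char tiny[SOUND_HEADER_LEN] = {0};
    return process_sound_tag(tiny, len, NULL, NULL);
}

int main(void) {
    uint32_t sum = 0;
    int heap = 0;
    int rc = run_case(100, 1, &sum, &heap);
    printf("small payload: rc=%d sum=%u heap=%d\n", rc, sum, heap);
    rc = run_case(100000, 2, &sum, &heap);
    printf("large payload: rc=%d sum=%u heap=%d\n", rc, sum, heap);
    printf("short tag: rc=%d\n", run_short_case(3));
    return 0;
}
```

The cap is the important knob: it bounds the stack cost of one call independently of the input, which is exactly the property `alloca(h.getLength()-7)` lacks.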

Conclusion

Stack overflow is a fatal error, and programs that use recursive functions suffer from it most often. However, even if a program contains no such functions, overflow is still possible through a large volume of local variables or through mistakes in explicit allocation of stack memory. All the classic rules remain in force: where there is a choice, prefer iteration to recursion, and do not do by hand the work the compiler can do for you.

Bibliography

  • A. Tanenbaum. Computer Architecture.
  • Wikipedia. Stack overflow.
  • Stack Overflow. Stack overflow C++.

04/14/2016 Version 3.22. The interface has been changed, errors in register transfer have been corrected, the procedure for transferring the organization and its accounting policy has been changed. Platform 8.3.7.2027, BP 3.0.43.174
03/17/2016 Version 3.24. Corrections made. Platform 8.3.8.1747, BP 3.0.43.241
06/16/2016 Version 3.26. Minor fixes. Platform 8.3.8.2088, BP 3.0.44.123
10/16/2016 Version 4.0.1.2. The transfer of the value folder has been corrected, the transfer of the accounting policy for releases 3.44.* has been changed. Platform 8.3.9.1818, BP 3.0.44.164
04/19/2017 Version 4.0.2.7. The algorithm for transferring registers linked to catalogs has been changed, minor errors have been corrected, and transfer with overwriting has been corrected.
05/29/2017 Version 4.0.4.5. The transfer of archives has been changed, a review of the archives of transferred documents has been added.
05/30/2017 Version 4.0.4.6. Fixed an error when filling the list of essential workers (thanks to shoy).
06/17/2017 Version 4.0.5.1. The algorithm for transferring archives has been changed.
07/19/2017 Version 4.0.5.4. The transfer of KI (contact information) from BP 2.0 has been changed. Unexpectedly, there was a transfer from UT 10.3 at Smilegm; in this version the transfer for such a situation has been slightly corrected)))
08/10/2017 Version 4.0.5.5. Corrections for transfer from BP 2.0.
09/19/2017 Version 4.4.5.7. Fixed the connection check for 3.0.52.*
11/28/2017 Version 4.4.5.9. Minor fixes.
12/06/2017 Version 5.2.0.4. The search-by-attributes algorithm has been reworked. A procedure for transferring from BP 1.6 has been added; there is no longer a rigid tie to the BP, so you can safely transfer data one-to-one between the newer configurations as well. All comments will be addressed promptly.
12/08/2017 Version 5.2.1.3. Added an algorithm for transferring payroll statements from BP 2.0 to BP 3.0. Errors in exchange between the newer configurations have been fixed.
12/19/2017 Version 5.2.2.2. The transfer of independent information registers for witnesses has been adjusted, as for the other registers.

12/06/2017 New version 5.2.0.4. The only significant change is the possibility of transferring from BP 1.6 to BP 3.0. The main change is in how matching catalog items are searched for: in earlier versions the search was by GUID, while in this version you can enable search "By attributes":

01/17/2018 Version 5.2.2.3. Corrected minor errors for contractors and periodic account registers.

07/19/2018 Version 5.2.2.8. Minor errors have been corrected.

in which you can specify the search attributes for any catalog. This mode itself is "imposed" on a number of catalogs; it is useful, for example, when exchange is needed with an existing base that already contains data (for example, to merge the accounting of two organizations into one base).

12/21/2015. Platform 8.3.7.1805 and BP 3.0.43.29 have been released, and naturally a new version of the processing, 3.1 :-) (described below). New functionality: the ability to compare balances and turnovers between two accounting bases (for all accounts whose charts of accounts match, and for the other accounting sections that are tracked, with analytics or without).
01/03/2016. Version 3.5: the mechanism for connecting to the source base has been changed; it is updated to BSP 2.3.2.43. Some minor flaws have been corrected. Platform 8.3.7.1845, BP 3.0.43.50
02/16/2016. Version 3.6: Added the option "Set manual editing" for documents transferred with movements. Document transfer has been corrected: documents whose date is earlier than the period can be transferred as well. Platform 8.3.7.1917, BP 3.0.43.116
03/22/2016. Version 3.10: Added the flag "Overwrite existing" for mandatory re-recording of transferred objects (transfer speed drops, so use it only when necessary). The "Preparation" tab has been added, where you can configure the matching of the charts of accounts of source and receiver (by account code) and the transfer of constants. Platform 8.3.7.1970, BP 3.0.43.148

04/03/2016 Version 3.11. The filling of the list of documents present in the source has been corrected: it used to be filled according to the chart-of-accounts rules, now simply by selection for the period, as in //site/public/509628/

The processing is intended for transferring data for any period, similarly to "Upload MXL" from ITS, only without XML, JSON or other intermediate files: the exchange goes from database to database via COM. In versions 3.10 and later the connection uses the algorithm from the BSP, which takes care of registering comcntr.dll (if the OS "permits") and of diagnostics when a connection cannot be established, for example "The infobase is being updated", etc. A check of the selected file has been added before the connection attempt.

It can be used for:

1. Transfer of master data (NSI) from the source IB to the receiver IB (all master data is transferred as needed: the required catalog items are transferred by reference during any transfer).

2. Transfer of documents for any selected period.

3. Transfer of all information from a "corrupted" IB, provided it still starts in 1C:Enterprise mode while uploading data or starting the Configurator is impossible.

A feature of the processing: source and receiver may be of different editions, so transfer from 2.0 to 3.0 is possible! For attributes that cannot be matched, transfer algorithms have to be set.

Note: Data Conversion is NOT used! And don't ask why! For the especially curious: BP 3.0 changes little by little, and it takes a lot of effort to keep transfer rules up to date; here everything is simpler :-).

Another feature of the processing is that it runs in the receiver IB (the closest analogues in functionality work the other way, from the source to the receiver).

To begin, specify the transfer period and select the organization in the source; it will be transferred to the receiver.

When an organization is transferred, its accounting policy and the "accompanying" information registers are transferred too. Therefore, the first time you select an organization in the source, there is a pause before it appears in the receiver.

The charts of accounts of source and receiver must match, but any separated sections will not be transferred to the receiver in versions 2.*; adjustment of the matching of accounts and analytics is planned for future versions. Accounts are matched by code, and accounts whose codes are not found in the receiver will NOT be CREATED!!!

Other objects are transferred by internal identifiers (GUID), so be careful with key catalogs such as Currencies.

If you plan to exchange with a "clean" database, it is useful to delete the data filled in at first start before the exchange. For this there is a page in the processing where you can select catalog elements and delete them. At a minimum, you need to delete the "rub." currency, because duplication is practically unavoidable (in principle, it can easily be fixed after the exchange with the duplicate search-and-replace built into BP 3.0).

An example of switching to the page of data to be deleted when the initial-filling form opens:

When the processing opens, the page with the entries to delete is shown for the initial data filling:

As of version 3.22 the interface has been changed; all preparation operations are now on tabs and available when needed.


It is important to check the matching of the charts of accounts and to specify the matching of account types carefully.

There is no need to delete predefined elements from catalogs: they are matched by configuration identifiers (not GUIDs).

You can select objects for transfer using a selection form for catalogs and documents. (Registers linked to the selected object are transferred automatically, so they do not need to be selected.) Register transfer is currently limited: the list of registers to transfer is kept in a layout; at this stage it is enough to transfer the catalogs, and the list of registers for transfer will be extended in future versions.

When exchanging from 2.0, some attributes (for example, contact information) are transferred by an algorithm, because 2.0 and 3.0 store them differently. The situation is similar with some documents (for example, Debt Adjustment).

The list of object types can be filled in different ways; in version 3.22 this is in a submenu, which differs from the description in the picture:

A simplification: you can skip selecting catalog items for exchange and simply fill the list of types with only those catalogs of which you want at least one item transferred.

The processing carries a layout listing documents that are not to be transferred from source to receiver (the "Exclude from transfer" layout). This layout can be edited (viewed) as needed. It is not necessary to transfer all the information: it is enough to transfer the documents, and the list can be filled without selecting types, simply with all documents for the period that have postings.

Transfer of documents with movements is supported: for a 3.0-to-3.0 exchange with identical charts of accounts it works one-to-one; for a 2.0-to-3.0 exchange problems are possible, so it is recommended to transfer documents without movements and then simply repost them in the receiver. When documents are transferred with movements, the "Manual correction" flag is set.

The "Posted" attribute is set on the receiver documents the same as in the source, but the movements (if they were not transferred) appear only after the documents are posted, for example with the Group processing of documents built into BP 3.0 (recommended), or with this processing (there is a "Post documents" button here).

If the processing is to be used for a permanent exchange, it can be registered in the receiver IB (the "Register" button). For "one-off" transfers, you can simply open it via File - Open.

12/21/2015 - Version 3.1, platform 8.3.7.1805 and BP 3.0.43.29 (version 2.15 does not work on 3.0.43.*: the configuration has changed greatly).

Changed:

- The dialog for selecting a connection option: the Client-server option is always available; depending on the installation, the infobase is selected either by the file database folder, or by the database name on the server together with the server name (the dialog was broken in version 2.15).

- NEW FUNCTIONALITY: a mechanism for comparing balances and turnovers between bases has been implemented, with various levels of detail:


Selection of the comparison options, from the picture:

And the appearance of the report in the thin and thick client; the file comparison window is displayed in the thin client:

In the thin client, without bothering with programmatic button presses, I made a simple variant of displaying the comparison window:

Viewing in the thin client, IMHO, is more difficult, because there are buttons for navigating through the differences, so for larger tables it is easier to scroll with the mouse:

03/22/2016. Version 3.10, platform 8.3.7.1970, BP 3.0.43.148 (details of the changes listed above):

- NEW FUNCTIONALITY: Before transferring documents, it is recommended to check the charts of accounts of source and receiver for consistency, as well as the set of constants.

For this the "Preparation" tab has been added, where you can set the following matchings:

Algorithm for filling the account matching table: the accounts in the source are iterated, and for each one an account with the same code is looked up in the receiver; if none is found, the table shows a row with the source account code, after which you select the receiver account, and it will be used during the transfer. Matching is set at the level of the account code.

To check and transfer the set of constants, the following table is shown:

Compare and, if necessary, transfer. Only the constants marked with the flag are transferred.
