Mercurial > p > roundup > code
annotate doc/security.txt @ 928:23c9d4f86380
Added the web access and email access permissions..
...so people can restrict access to users who register through the
email interface (for example). Also added "security" command to the
roundup-admin interface to display the Role/Permission config for an
instance.
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Thu, 01 Aug 2002 00:56:22 +0000 |
| parents | 299f4890427d |
| children | 43ab730ee194 |
| rev | line source |
|---|---|
|
725
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1 =================== |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2 Security Mechanisms |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
3 =================== |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
4 |
|
910
299f4890427d
documentation reorg post-new-security
Richard Jones <richard@users.sourceforge.net>
parents:
907
diff
changeset
|
5 :Version: $Revision: 1.15 $ |
|
725
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
6 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
7 Current situation |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
8 ================= |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
9 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
10 Current logical controls: |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
11 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
12 ANONYMOUS_ACCESS = 'deny' |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
13 Deny or allow anonymous access to the web interface |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
14 ANONYMOUS_REGISTER = 'deny' |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
15 Deny or allow anonymous users to register through the web interface |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
16 ANONYMOUS_REGISTER_MAIL = 'deny' |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
17 Deny or allow anonymous users to register through the mail interface |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
18 |
|
774
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
19 Current user interface authentication and controls: |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
20 |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
21 - command-line tool access controlled with passwords, but no logical controls |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
22 - CGI access is by username and password and has some logical controls |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
23 - mailgw access is through identification using sender email address, with |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
24 limited functionality available |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
25 |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
26 The web interface implements has specific logical controls, |
|
725
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
27 preventing non-admin users from accessing: |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
28 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
29 - other user's details pages |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
30 - listing the base classes (not issues or their user page) |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
31 - editing base classes |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
32 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
33 Issues |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
34 ====== |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
35 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
36 1. The current implementation is ad-hoc, and not complete for all `use cases`_. |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
37 2. Currently it is not possible to allow submission of issues through email |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
38 but restrict those users from accessing the web interface. |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
39 3. Only one user may perform admin functions. |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
40 4. There is no verification of users in the mail gateway by any means other |
|
774
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
41 than the From address. Support for strong identification through digital |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
42 signatures should be added. |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
43 5. The command-line tool has no logical controls. |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
877
diff
changeset
|
44 6. The anonymous control needs revising - there should only be one way to be |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
877
diff
changeset
|
45 an anonymous user, not two (currently there is user==None and |
|
907
38a74d1351c5
documentation updates
Richard Jones <richard@users.sourceforge.net>
parents:
905
diff
changeset
|
46 user=='anonymous'). |
|
725
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
47 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
48 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
49 Possible approaches |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
50 =================== |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
51 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
52 Security controls in Roundup could be approached in three ways: |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
53 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
54 1) at the hyperdb level, with read/write/modify permissions on classes, nodes |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
55 and node properties for all or specific transitions. |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
56 2) at the user interface level, with access permissions on CGI interface |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
57 methods, mailgw methods, roundup-admin methods, and so on. |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
58 3) at a logical permission level, checked as needed. |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
59 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
60 In all cases, the security built into roundup assumes restricted access to the |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
61 hyperdatabase itself, through Operating System controls such as user or group |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
62 permissions. |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
63 |
|
774
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
64 |
|
725
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
65 Hyperdb-level control |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
66 --------------------- |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
67 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
68 Control is implemented at the Class.get, Class.set and Class.create level. All |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
69 other methods must access nodes through these methods. Since all accesses go |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
70 through the database, we can implement deny by default. |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
71 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
72 Pros: |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
73 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
74 - easier to implement as it only affects one module |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
75 - smaller number of permissions to worry about |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
76 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
77 Cons: |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
78 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
79 - harder to determine the relationship between user interaction and hyperdb |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
80 permission. |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
81 - a lot of work to define |
|
728
d341cd0e7689
Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents:
725
diff
changeset
|
82 - must special-case to handle by-node permissions (editing user details, |
|
d341cd0e7689
Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents:
725
diff
changeset
|
83 having private messages) |
|
d341cd0e7689
Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents:
725
diff
changeset
|
84 |
|
725
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
85 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
86 User-interface control |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
87 ---------------------- |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
88 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
89 The user interfaces would have an extra layer between that which |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
90 parses the request to determine action and the action method. This layer |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
91 controls access. Since it is possible to require methods be registered |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
92 with the security mechanisms to be accessed by the user, deny by default |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
93 is possible. |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
94 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
95 Pros: |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
96 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
97 - much more obvious at the user level what the controls are |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
98 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
99 Cons: |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
100 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
101 - much more work to implement |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
102 - most user interfaces have multiple uses which can't be covered by a |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
103 single permission |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
104 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
105 Logical control |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
106 --------------- |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
107 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
108 At each point that requires an action to be performed, the security mechanisms |
|
728
d341cd0e7689
Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents:
725
diff
changeset
|
109 are asked if the current user has permission. Since code must call the |
|
d341cd0e7689
Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents:
725
diff
changeset
|
110 check function to raise a denial, there is no possibility to have automatic |
|
725
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
111 default of deny in this situation. |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
112 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
113 Pros: |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
114 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
115 - quite obvious what is going on |
|
870
a3de8f9b2ede
more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents:
865
diff
changeset
|
116 - is very similar to the current system |
|
725
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
117 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
118 Cons: |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
119 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
120 - large number of possible permissions that may be defined, possibly |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
121 mirroring actual user interface controls. |
|
774
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
122 - access to the hyperdb must be strictly controlled through program code |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
123 that implements the logical controls. |
|
725
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
124 |
|
2a563dbacd65
Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
125 |
|
774
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
126 Action |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
127 ====== |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
128 |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
129 The CGI interface must be changed to: |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
130 |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
131 - authenticate over a secure connection |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
132 - use unique tokens as a result of authentication, rather than pass the user's |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
133 real credentials (username/password) around for each request (this means |
|
840
e07e5903c3b4
Updated documents
Richard Jones <richard@users.sourceforge.net>
parents:
811
diff
changeset
|
134 sessions and hence a session database) |
|
774
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
135 - use the new logical control mechanisms |
|
875
d19dd123bda2
just some formatting and a minor clarification.
Richard Jones <richard@users.sourceforge.net>
parents:
871
diff
changeset
|
136 |
|
865
261a71cb7f7f
Some refinements
Richard Jones <richard@users.sourceforge.net>
parents:
840
diff
changeset
|
137 - implement the permission module |
|
261a71cb7f7f
Some refinements
Richard Jones <richard@users.sourceforge.net>
parents:
840
diff
changeset
|
138 - implement a Role editing interface for users |
|
261a71cb7f7f
Some refinements
Richard Jones <richard@users.sourceforge.net>
parents:
840
diff
changeset
|
139 - implement htmltemplate tests on permissions |
|
261a71cb7f7f
Some refinements
Richard Jones <richard@users.sourceforge.net>
parents:
840
diff
changeset
|
140 - switch all code over from using config vars for permission checks to using |
|
261a71cb7f7f
Some refinements
Richard Jones <richard@users.sourceforge.net>
parents:
840
diff
changeset
|
141 permissions |
|
905
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
142 - change all explicit admin user checks for Role checks |
|
865
261a71cb7f7f
Some refinements
Richard Jones <richard@users.sourceforge.net>
parents:
840
diff
changeset
|
143 - include config vars for initial Roles for anonymous web, new web and new |
|
261a71cb7f7f
Some refinements
Richard Jones <richard@users.sourceforge.net>
parents:
840
diff
changeset
|
144 email users |
|
774
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
145 |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
146 The mail gateway must be changed to: |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
147 |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
148 - use digital signatures |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
149 - use the new logical control mechanisms |
|
875
d19dd123bda2
just some formatting and a minor clarification.
Richard Jones <richard@users.sourceforge.net>
parents:
871
diff
changeset
|
150 |
|
865
261a71cb7f7f
Some refinements
Richard Jones <richard@users.sourceforge.net>
parents:
840
diff
changeset
|
151 - switch all code over from using config vars for permission checks to using |
|
261a71cb7f7f
Some refinements
Richard Jones <richard@users.sourceforge.net>
parents:
840
diff
changeset
|
152 permissions |
|
261a71cb7f7f
Some refinements
Richard Jones <richard@users.sourceforge.net>
parents:
840
diff
changeset
|
153 |
|
774
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
154 The command-line tool must be changed to: |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
155 |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
156 - use the new logical control mechanisms (only allowing write |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
157 access by admin users, and read-only by everyone else) |
|
811475894dd9
More thoughts
Richard Jones <richard@users.sourceforge.net>
parents:
728
diff
changeset
|
158 |
|
728
d341cd0e7689
Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents:
725
diff
changeset
|
159 |