Mercurial > p > roundup > code

annotate doc/security.txt @ 1599:cc96bf971b33

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
extended date syntax to make range searches even more useful
author Andrey Lebedev <kedder@users.sourceforge.net>
date Tue, 22 Apr 2003 20:53:55 +0000
parents 43ab730ee194
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
1 ===================
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2 Security Mechanisms
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3 ===================
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
4
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 910
diff changeset
5 :Version: $Revision: 1.16 $
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
6
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
7 Current situation
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
8 =================
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
9
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
10 Current logical controls:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
11
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
12 ANONYMOUS_ACCESS = 'deny'
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
13 Deny or allow anonymous access to the web interface
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
14 ANONYMOUS_REGISTER = 'deny'
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
15 Deny or allow anonymous users to register through the web interface
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
16 ANONYMOUS_REGISTER_MAIL = 'deny'
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
17 Deny or allow anonymous users to register through the mail interface
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
18
774
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
19 Current user interface authentication and controls:
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
20
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
21 - command-line tool access controlled with passwords, but no logical controls
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
22 - CGI access is by username and password and has some logical controls
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
23 - mailgw access is through identification using sender email address, with
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
24 limited functionality available
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
25
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
26 The web interface implements has specific logical controls,
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
27 preventing non-admin users from accessing:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
28
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
29 - other user's details pages
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
30 - listing the base classes (not issues or their user page)
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
31 - editing base classes
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
32
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
33 Issues
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
34 ======
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
35
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
36 1. The current implementation is ad-hoc, and not complete for all `use cases`_.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
37 2. Currently it is not possible to allow submission of issues through email
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
38 but restrict those users from accessing the web interface.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
39 3. Only one user may perform admin functions.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
40 4. There is no verification of users in the mail gateway by any means other
774
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
41 than the From address. Support for strong identification through digital
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
42 signatures should be added.
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
43 5. The command-line tool has no logical controls.
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents: 877
diff changeset
44 6. The anonymous control needs revising - there should only be one way to be
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents: 877
diff changeset
45 an anonymous user, not two (currently there is user==None and
907
38a74d1351c5 documentation updates
Richard Jones <richard@users.sourceforge.net>
parents: 905
diff changeset
46 user=='anonymous').
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
47
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
48
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
49 Possible approaches
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
50 ===================
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
51
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
52 Security controls in Roundup could be approached in three ways:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
53
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 910
diff changeset
54 1) at the hyperdb level, with read/write/modify permissions on classes, items
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 910
diff changeset
55 and item properties for all or specific transitions.
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
56 2) at the user interface level, with access permissions on CGI interface
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
57 methods, mailgw methods, roundup-admin methods, and so on.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
58 3) at a logical permission level, checked as needed.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
59
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
60 In all cases, the security built into roundup assumes restricted access to the
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
61 hyperdatabase itself, through Operating System controls such as user or group
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
62 permissions.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
63
774
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
64
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
65 Hyperdb-level control
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
66 ---------------------
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
67
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
68 Control is implemented at the Class.get, Class.set and Class.create level. All
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 910
diff changeset
69 other methods must access items through these methods. Since all accesses go
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
70 through the database, we can implement deny by default.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
71
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
72 Pros:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
73
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
74 - easier to implement as it only affects one module
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
75 - smaller number of permissions to worry about
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
76
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
77 Cons:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
78
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
79 - harder to determine the relationship between user interaction and hyperdb
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
80 permission.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
81 - a lot of work to define
1089
43ab730ee194 instance -> tracker, node -> item
Richard Jones <richard@users.sourceforge.net>
parents: 910
diff changeset
82 - must special-case to handle by-item permissions (editing user details,
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
83 having private messages)
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
84
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
85
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
86 User-interface control
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
87 ----------------------
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
88
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
89 The user interfaces would have an extra layer between that which
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
90 parses the request to determine action and the action method. This layer
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
91 controls access. Since it is possible to require methods be registered
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
92 with the security mechanisms to be accessed by the user, deny by default
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
93 is possible.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
94
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
95 Pros:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
96
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
97 - much more obvious at the user level what the controls are
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
98
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
99 Cons:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
100
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
101 - much more work to implement
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
102 - most user interfaces have multiple uses which can't be covered by a
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
103 single permission
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
104
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
105 Logical control
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
106 ---------------
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
107
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
108 At each point that requires an action to be performed, the security mechanisms
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
109 are asked if the current user has permission. Since code must call the
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
110 check function to raise a denial, there is no possibility to have automatic
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
111 default of deny in this situation.
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
112
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
113 Pros:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
114
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
115 - quite obvious what is going on
870
a3de8f9b2ede more thoughts... almost there I think
Richard Jones <richard@users.sourceforge.net>
parents: 865
diff changeset
116 - is very similar to the current system
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
117
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
118 Cons:
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
119
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
120 - large number of possible permissions that may be defined, possibly
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
121 mirroring actual user interface controls.
774
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
122 - access to the hyperdb must be strictly controlled through program code
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
123 that implements the logical controls.
725
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
124
2a563dbacd65 Initial doc holding collated thoughts on roundup security.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
125
774
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
126 Action
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
127 ======
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
128
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
129 The CGI interface must be changed to:
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
130
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
131 - authenticate over a secure connection
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
132 - use unique tokens as a result of authentication, rather than pass the user's
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
133 real credentials (username/password) around for each request (this means
840
e07e5903c3b4 Updated documents
Richard Jones <richard@users.sourceforge.net>
parents: 811
diff changeset
134 sessions and hence a session database)
774
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
135 - use the new logical control mechanisms
875
d19dd123bda2 just some formatting and a minor clarification.
Richard Jones <richard@users.sourceforge.net>
parents: 871
diff changeset
136
865
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
137 - implement the permission module
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
138 - implement a Role editing interface for users
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
139 - implement htmltemplate tests on permissions
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
140 - switch all code over from using config vars for permission checks to using
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
141 permissions
905
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
142 - change all explicit admin user checks for Role checks
865
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
143 - include config vars for initial Roles for anonymous web, new web and new
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
144 email users
774
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
145
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
146 The mail gateway must be changed to:
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
147
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
148 - use digital signatures
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
149 - use the new logical control mechanisms
875
d19dd123bda2 just some formatting and a minor clarification.
Richard Jones <richard@users.sourceforge.net>
parents: 871
diff changeset
150
865
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
151 - switch all code over from using config vars for permission checks to using
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
152 permissions
261a71cb7f7f Some refinements
Richard Jones <richard@users.sourceforge.net>
parents: 840
diff changeset
153
774
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
154 The command-line tool must be changed to:
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
155
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
156 - use the new logical control mechanisms (only allowing write
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
157 access by admin users, and read-only by everyone else)
811475894dd9 More thoughts
Richard Jones <richard@users.sourceforge.net>
parents: 728
diff changeset
158
728
d341cd0e7689 Latest thoughts.
Richard Jones <richard@users.sourceforge.net>
parents: 725
diff changeset
159
Roundup Issue Tracker: http://roundup-tracker.org/