Re: New method to load user bundles

discuss-gnustep

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New method to load user bundles

From:	David Ayers
Subject:	Re: New method to load user bundles
Date:	Thu, 05 Jun 2003 18:41:44 +0200
User-agent:	Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4b) Gecko/20030507

Richard Frith-Macdonald wrote:

Secondly, we might want to provide facility to keep track of changesto bundles (eg store the bundle location andan md5 digest of it in the defaults system) and provide a callbackfacility (with a standard panel built into the gui)to alert the user about changes to bundles that are about to beloaded, and let them accept/refuse the load.


Hello Richard,

Eventhough I tend toward "this is not a GNUstep issue but a generalsecurity issue", I have no real objections in adding such securityfeatures (except that they may give a false sense of security and couldbe hard to maintain). I am a bit concerned though, if this informationis stored in the defaults system.

First, it is user specific, which means each user must somehow securelyset the initial values. Second, the defaults system can be easilymanipulated with scripts. Third the user generally has every right (andsometimes the need) to delete all of his defaults.

I think, if we have any authentification mechanism at all, it should bebased on something "root owned" with possibly some API for a user torequest authentification for a given bundle/library/framework/... for aparticular user. And this API should be password protected (using theuser account).

If we do this, would we also provide some "callback" mechanism fortools? If so, how would the callback for services like gsweb apps,gdomap (or the potential authentification service itself look like?) Ifwe don't, would we actively protect tools at all? If so, I guess theywould simply just not load any non-authenticated code.

I must admit, that I have the impression, that this is more trouble thanit's worth. And I'm not convinced it is a "must have". But feel free toprove me wrong with the "unbreakable free easy-to-maintain securitymechanism" :-)


Cheers,
David

PS: Maybe the simple approach to address the issue at hand, is to add aconfigure/make option to simply (hard-codedly) limit the places thatbundles are loaded from. This doesn't add any real security but itsatisfies the original request (How can I turn this feature off) andseems simple to maintain.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: New method to load user bundles, Jeff Teunissen, 2003/06/02
- Re: New method to load user bundles, Tobias, 2003/06/02
  - Re: New method to load user bundles, Jeff Teunissen, 2003/06/03
    - Re: New method to load user bundles, Alexander Malmberg, 2003/06/03
    - Re: New method to load user bundles, Chris Beaham, 2003/06/05
    - Re: New method to load user bundles, Richard Frith-Macdonald, 2003/06/05
    - Re: New method to load user bundles, Chris Beaham, 2003/06/05
    - Re: New method to load user bundles, David Ayers <=
    - Re: New method to load user bundles, Richard Frith-Macdonald, 2003/06/05
    - Re: New method to load user bundles, David Ayers, 2003/06/05
- Re: New method to load user bundles, Nicolas Roard, 2003/06/02
  - Re: New method to load user bundles, Markus Hitter, 2003/06/03
    - Re: New method to load user bundles, Nicolas Roard, 2003/06/03
- Re: New method to load user bundles, Alexander Malmberg, 2003/06/02

Prev by Date: Re: Problem getting back-art to run
Next by Date: Re: New method to load user bundles
Previous by thread: Re: New method to load user bundles
Next by thread: Re: New method to load user bundles
Index(es):
- Date
- Thread