On Sun, Jun 11, 2017 at 12:15 PM, Bruno Wolff III <br...@wolff.to> wrote:
> On Fri, Jun 09, 2017 at 21:14:15 -0700,
> Ken Tanzer <ken.tan...@gmail.com> wrote:
>
>> On Fri, Jun 9, 2017 at 5:38 PM, Bruno Wolff III <br...@wolff.to> wrote:
>>
>> Seems to me they are separate issues. App currently has access to the
>> password for accessing the DB. (Though I could change that to ident access
>> and skip the password.) App 1) connects to the DB, 2) authenticates the
>> user (within the app), then 3) proceeds to process input, query the DB,
>> produce output. If step 2A becomes irrevocably changing to a site-specific
>> role, then at least I know that everything that happens within 3 can't
>> cross the limitations of per-site access. If someone can steal my password
>> or break into my backend, that's a whole separate problem that already
>> exists both now and in this new scenario.
>>
>
> In situations where a person has enough access to the app (e.g. it is a
> binary running on their desktop) to do spurious role changes, they likely
> have enough access to hijack the database connection before privileges are
> dropped.
>

Ah yes, I could see that. In this case it's a web app, so only the server
has the DB credentials. I'd really hate it if each client had to be able to
access those credentials!

Cheers,
Ken

--
AGENCY Software
A Free Software data system
By and for non-profits
http://agency-software.org/
https://agency-software.org/demo/client
ken.tan...@agency-software.org
(253) 245-3801

Subscribe to the mailing list
<agency-general-requ...@lists.sourceforge.net?body=subscribe>
to learn more about AGENCY or follow the discussion.