On Sun, Jan 3, 2010 at 3:17 PM, Sam Bisbee <[email protected]> wrote:
>> >>
>> >> I was thinking we could even add some code which loads the admin
>> >> config into a cookie, and then clears admins. When the tests are done
>> >> it can re-configure the admins.
>> >
>> > This scares me: if the browser/client crashes while the tests are running,
>> > then you've likely lost your admin config. Also, you're leaving yourself
>> > unprotected for the length of the tests if it's a live system (doesn't even
>> > have to be production, just on the 'net).
>> >
> [snip]
>> Current trunk has failing tests when Couch isn't in admin party mode.
>> So putting the warning and the option to temporarily remove admins
>> before running tests is a step in the right direction. I think cookie storage
>> for admin config is robust enough for the cases where someone would think of
>> using it... it's essentially a convenience.
>
> Agreed that it's a good band aid. However, is there some way we could store it
> server side? I'm concerned about the security implications. Sniffing the
> config from the wire (assuming no HTTPS), browser, or OS file system aside,
> there is the possibility of injection of bad accounts. Better put, it's the
> pillar of security to never trust what the client sends you.

I think there are very few security concerns with the idea. The config
section we'd be storing in the browser state for the duration of the
test run is available to all _admins via HTTP GET against
/_config/admins/

The contents are hashed so they look like this:

{"jchris":"-hashed-58e36b11185d33e61206032e6e99635b854aaaf4,08c90dc21bb2d7dc672cb4305114252a"}

So we'd just clear that setting, and restore it at the end. I don't
think this makes things less secure than they are.

I was originally just thinking of a button on the test suite page to
remove all admins from the config, but that's not as convenient as
removing them and then putting them back at the end.

>
> Maybe write it to the OS's temp file space? That way it's safe and if
> something crashes you can still easily recover the config. You could even
> automate the recovery if you wanted to, which you couldn't reliably do if it
> came from the client.
>

If losing the admin config would be a big deal, you shouldn't be
running the tests on that node, for a whole host of reasons. That
said, the current state of the art, which is to manually edit the
local.ini file to comment out the admin lines, and then restart the
server, will continue to work regardless of what sugar we add.

Chris



-- 
Chris Anderson
http://jchrisa.net
http://couch.io
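
The save, clear and restore cycle discussed in this thread, as an added example that is not part of the original message or of CouchDB's test suite. `store` (a stand-in for HTTP calls against /_config/admins/), `jar` (a stand-in for cookie storage), the `saved_admins` key and all function names are hypothetical, and the format check is inferred from the sample entry quoted above; it rejects malformed or plaintext values but does not authenticate the saved copy.

```javascript
// Added example, not CouchDB code. `store` and `jar` are hypothetical stand-ins.
// Entry shape assumed from the sample in the thread: -hashed-<40 hex>,<32 hex>
const HASHED = /^-hashed-[0-9a-f]{40},[0-9a-f]{32}$/;

// Return the parsed snapshot only if every value has the hashed shape, else null.
function validSnapshot(text) {
  let obj;
  try { obj = JSON.parse(text); } catch (e) { return null; }
  if (obj === null || typeof obj !== "object" || Array.isArray(obj)) return null;
  for (const v of Object.values(obj)) {
    if (typeof v !== "string" || !HASHED.test(v)) return null;
  }
  return obj;
}

// Put saved admins back; the saved copy is dropped only after all writes are done.
function restoreAdmins(store, jar) {
  const text = jar.get("saved_admins");
  if (text === undefined) return "nothing-saved";
  const admins = validSnapshot(text);
  if (admins === null) return "rejected"; // copy is kept for manual inspection
  for (const [name, hash] of Object.entries(admins)) store.put(name, hash);
  jar.remove("saved_admins");
  return "restored";
}

// Save, clear, run, restore. If the client dies after clearing, the snapshot is
// still in `jar`, so restoreAdmins() on the next load puts the admins back.
function runInAdminParty(store, jar, runTests) {
  if (restoreAdmins(store, jar) === "rejected") throw new Error("bad saved snapshot");
  const snapshot = JSON.stringify(store.getAll());
  if (validSnapshot(snapshot) === null) throw new Error("unexpected format, not clearing");
  jar.set("saved_admins", snapshot); // save before anything is removed
  for (const name of Object.keys(store.getAll())) store.remove(name);
  try {
    return runTests();
  } finally {
    restoreAdmins(store, jar);
  }
}

// Constructed in-memory stand-in so the example runs offline.
function memoryMap(initial) {
  const m = new Map(Object.entries(initial || {}));
  return { get: (k) => m.get(k), set: (k, v) => m.set(k, v), put: (k, v) => m.set(k, v),
           remove: (k) => m.delete(k), getAll: () => Object.fromEntries(m) };
}
```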
