On Sun, Jan 3, 2010 at 4:02 PM, Chris Anderson <[email protected]> wrote:
> On Sun, Jan 3, 2010 at 3:17 PM, Sam Bisbee <[email protected]> wrote:
>>> >>
>>> >> I was thinking we could even add some code which loads the admin
>>> >> config into a cookie, and then clears admins. When the tests are done
>>> >> it can re-configure the admins.
>>> >
>>> > This scares me: if the browser/client crashes while the tests are running,
>>> > then you've likely lost your admin config. Also, you're leaving yourself
>>> > unprotected for the length of the tests if it's a live system (doesn't even
>>> > have to be production, just on the 'net).
>>> >
>> [snip]
>>> Current trunk has failing tests when Couch isn't in admin party mode.
>>> So putting the warning and the option to temporarily remove admins
>>> before running tests is a step in the right direction. I think cookie
>>> storage for admin config is robust enough for the cases where someone would
>>> think of using it... it's essentially a convenience.
>>
>> Agreed that it's a good band aid. However, is there some way we could store
>> it server side? I'm concerned about the security implications. Sniffing the
>> config from the wire (assuming no HTTPS), browser, or OS file system aside,
>> there is the possibility of injection of bad accounts. Better put, it's the
>> pillar of security to never trust what the client sends you.
>
> I think there are very few security concerns with the idea. The config
> section we'd be storing in the browser state for the duration of the
> test run is available to all _admins via HTTP GET against
> /_config/admins/
>
> The contents are hashed so they look like this:
>
> {"jchris":"-hashed-58e36b11185d33e61206032e6e99635b854aaaf4,08c90dc21bb2d7dc672cb4305114252a"}
>
> So we'd just clear that setting, and restore it at the end. I don't
> think it makes things less secure than they are.
>
> I was originally just thinking of a button on the test suite page to
> remove all admins from the config, but that's not as convenient as
> removing them and then putting them back at the end.
>
>>
>> Maybe write it to the OS's temp file space? That way it's safe and if
>> something crashes you can still easily recover the config. You could even
>> automate the recovery if you wanted to, which you couldn't reliably do if it
>> came from the client.
>>
>
> If losing the admin config would be a big deal, you shouldn't be
> running the tests on that node, for a whole host of reasons. That
> said, the current state of the art, which is to manually edit the
> local.ini file to comment out the admin lines, and then restart the
> server, will continue to work regardless of what sugar we add.
>

I've updated the branch to add this feature. Only, when it came time
to restore the admin config, I realized it can't be automated (b/c
Futon doesn't know your cleartext password, so it can't add back all
the admins.)

This isn't insurmountable (put the current user's admin info back
before asking them to log in, then put the other admins back) but it
would be a lot of code for a non-crucial feature anyway.

So I'm leaving it at: remove all admins for you before starting the
tests, with a stern warning that you shouldn't run tests on public
servers. The changes have been pushed to github:

http://github.com/jchris/couchdb/tree/account

I'll be pushing this to an Apache branch soon as I think I've got most
of the features ready for trunk.

Chris

-- 
Chris Anderson
http://jchrisa.net
http://couch.io
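
The thread's concern about restoring an admins section that was held on the client can be made concrete with a pre-restore check. This is an added example, not part of the original message and not CouchDB or Futon code; the value pattern is inferred from the one sample quoted above, and `checkAdminSnapshot` and its `expectedNames` input are hypothetical.

```javascript
// Added example, not CouchDB or Futon code. The value pattern is an
// assumption inferred from the single sample quoted in the message.
const HASHED_VALUE = /^-hashed-[0-9a-f]{40},[0-9a-f]{32}$/;

// snapshot: object parsed from the client-held copy of the admins section.
// expectedNames: admin names recorded somewhere trusted before clearing
// (hypothetical input; the thread does not say where that would live).
function checkAdminSnapshot(snapshot, expectedNames) {
  if (snapshot === null || typeof snapshot !== "object" || Array.isArray(snapshot)) {
    return { ok: false, problems: ["snapshot is not a JSON object"] };
  }
  const problems = [];
  const expected = new Set(expectedNames);
  for (const [name, value] of Object.entries(snapshot)) {
    // An account that was not there before clearing is the "injection
    // of bad accounts" case raised in the thread.
    if (!expected.has(name)) {
      problems.push("unexpected account: " + name);
    }
    // Refuse anything that is not already in hashed form, so a restore
    // never writes a cleartext or malformed value.
    if (typeof value !== "string" || !HASHED_VALUE.test(value)) {
      problems.push("value not in -hashed-<hash>,<salt> form: " + name);
    }
  }
  for (const name of expected) {
    if (!Object.prototype.hasOwnProperty.call(snapshot, name)) {
      problems.push("missing account: " + name);
    }
  }
  return { ok: problems.length === 0, problems };
}

// Constructed sample data; the jchris value is the one quoted above.
const good = {
  jchris: "-hashed-58e36b11185d33e61206032e6e99635b854aaaf4,08c90dc21bb2d7dc672cb4305114252a"
};
const tampered = Object.assign({}, good, {
  mallory: "-hashed-" + "0".repeat(40) + "," + "0".repeat(32)
});
const cleartext = { jchris: "not-a-hash" };

console.log(checkAdminSnapshot(good, ["jchris"]));
console.log(checkAdminSnapshot(tampered, ["jchris"]));
console.log(checkAdminSnapshot(cleartext, ["jchris"]));
```

A check like this catches added, dropped, and unhashed entries, but not a replaced hash under an expected name; detecting that needs a copy of the values kept off the client, which is the server-side storage suggested in the quoted reply.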
