hi carsten and ian

thanks for the clarification.
feel assured that we will report any vulnerabilities to the
sling-security list as we detect them.

what i would love to discuss on the list in general are
ways or possibilities on how we could prevent the strength
and flexibility of sling to turn into a setup that becomes
insecure due to the complexity that comes with what we all
agree is a great thing with a lot of benefit.

for example:

a) instead of training people, imposing strict rules or running after
SlingRepository#loginAdministrative calls (hi sisyphus, welcome back
on earth), wouldn't it be preferable to target this at the root,
i.e. at the sling layer? having a way to limit the admin-login to
"real" admin tasks (real in quotes because afaik that separation
doesn't exist)?

b) the script execution: that's obviously related to the former with
one additional twist. everyone that can create a script may not only
become admin in sling but also gets file system access.

i don't have a solution at hand for either of them, not to mention a
simple one-line-fix... they are not bugs s.str. (works and works as
designed) but still it would IMO be very cool if there was a way to
get a better and reliable handling for them... these kind of things
would IMO make sling secure by design and by default.

regards
angela
On 3/7/13 7:45 AM, Carsten Ziegeler wrote:
Hi Angela,

you're definitely misinterpreting my sentences - I care, but even
more importantly the Sling community cares a lot about security.

Sure, we can always do better - but it's important that we work
together as a community on all aspects of Sling - security is of
course an important part here, but we should also think about the
goals of Sling and most importantly our users - of course not
sacrificing security (This is not targeted directly at you, but just a
general statement).

And it's good that you, Lars and others share your experience and
concerns, that's really appreciated. Maybe I went a little bit overboard
with my comments, as I'm really disappointed how this discussion went.

And as Ian said, if you are aware of any other security problems which
we didn't notice, please share your insight (either publicly or
privately).

Thanks
Carsten