Hi, I'll create a ticket for this issue. Can I commit a fix somewhere, or should I wait, as the release process is not over yet?

Thomas

On Mon, Feb 1, 2016 at 1:30 PM Jean-Baptiste Onofré <[email protected]> wrote:

> Hi Thomas,
>
> good point. I think we should avoid merging 2 identified profiles as I
> don't see a valid use case (merging makes sense only for anonymous
> profile IMHO).
>
> Regards
> JB
>
> On 02/01/2016 01:26 PM, Thomas Draier wrote:
> > Hi there,
> >
> > I have some security concerns with the merge actions. Currently, anybody
> > can manually send a login event with some properties, and merge his data
> > with existing profiles. He can easily corrupt an existing profile or get
> > private data of this user, as the 2 users will be "merged".
> >
> > First thing is that, in my opinion, login event should only be accepted by
> > trusted tiers - we need to be able to authenticate the event sender in some
> > way - simple solution would be to use a secret token, but we could
> > implement more secure things with a certificate. In all cases, we should
> > not let the client send a login event and trigger a user merge on
> > untrusted information.
> >
> > Some properties should not be directly writeable by a user, even on its own
> > profile. Changing the j:nodename property, which is used by the default
> > login rule (could be any other property), could be a security issue.
> > Actually, the "merge" action should only be done on trusted properties that
> > would be read only, even for their owner. The "systemproperties" map could
> > be a good candidate. Currently the profile end point allows to completely
> > save a profile, this should be a little bit restricted.
> >
> > I also have another concern about profile merging - if a user logs in with
> > 2 different profiles (send 2 login events, with different usernames),
> > both profiles are merged. This can give some very unexpected results if you
> > share your computer with somebody ... Merging one anonymous profile with an
> > identified user makes sense, but merging 2 identified profiles looks rather
> > strange. I would rather switch profile in that case.
> >
> > What do you think?
> >
> > Regards
> >
> > thomas
> >
>
> --
> Jean-Baptiste Onofré
> [email protected]
> http://blog.nanthrax.net
> Talend - http://www.talend.com
>
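
Added example, not part of the original thread and not the project's code: a minimal Python sketch of the policy discussed above, where a login event is accepted only with a valid MAC from a trusted sender, an anonymous profile is merged into the identified one, and a session already on an identified profile is switched rather than merged. The data model, SENDER_KEY, sign_login and handle_login are hypothetical names chosen for illustration.

```python
import hashlib
import hmac
import uuid

# Constructed key: shared only by the profile service and the trusted system
# that actually authenticates users; the browser never sees it.
SENDER_KEY = b"constructed-demo-key"


def sign_login(key, session_id, username):
    """MAC the trusted sender attaches to a login event (length-prefixed)."""
    msg = f"{len(session_id)}:{session_id}{username}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def handle_login(profiles, sessions, event):
    """Apply a login event; returns 'rejected', 'merged' or 'switched'.

    profiles: id -> {"login": str or None, "properties": dict}; "login" is a
    server-written system property, never set from client-supplied data.
    sessions: session id -> profile id.
    """
    sid, user = event["session"], event["username"]
    expected = sign_login(SENDER_KEY, sid, user).encode()
    if not hmac.compare_digest(expected, str(event.get("mac", "")).encode()):
        return "rejected"  # unauthenticated sender: nothing is merged

    current_id = sessions[sid]
    current = profiles[current_id]
    target_id = next((p for p, v in profiles.items() if v["login"] == user), None)
    if current["login"] is not None:
        # Session is already identified: switch profiles, never merge two users.
        if target_id is None:
            target_id = uuid.uuid4().hex
            profiles[target_id] = {"login": user, "properties": {}}
        sessions[sid] = target_id
        return "switched"
    if target_id is None:
        current["login"] = user  # first login: promote the anonymous profile
        return "merged"
    # Anonymous -> identified: the identified profile's values win on conflict.
    target = profiles[target_id]
    target["properties"] = {**current["properties"], **target["properties"]}
    del profiles[current_id]
    sessions[sid] = target_id
    return "merged"
```

A deployed version would also bind a timestamp or nonce into the MAC so that a captured login event cannot be replayed.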
