Hi, I created the tickets but cannot assign or change anything on them - who can edit permissions there?

thomas

On Mon, Feb 1, 2016 at 2:36 PM Serge Huber <[email protected]> wrote:

> Hello Thomas,
>
> I think all your propositions make a lot of sense (of course since we
> discussed them first :)). I vote that we first implement a token system and
> that we can always improve this further. Ideally we should have one token
> per accepted server, not a single one for all external services.
>
> I see you have already created the ticket, I'll add your proposition down
> here to the ticket for more details.
>
> cheers,
> Serge…
>
> > On 1 Feb 2016, at 13:26, Thomas Draier <[email protected]> wrote:
> >
> > Hi there,
> >
> > I have some security concerns with the merge actions. Currently, anybody
> > can manually send a login event with some properties, and merge his data
> > with existing profiles. He can easily corrupt an existing profile or get
> > private data of this user, as the 2 users will be "merged".
> >
> > First thing is that, in my opinion, login event should only be accepted by
> > trusted tiers - we need to be able to authenticate the event sender in some
> > way - simple solution would be to use a secret token, but we could
> > implement more secure things with a certificate. In all cases, we should
> > not let the client send a login event and trigger a user merge on
> > untrusted information.
> >
> > Some properties should not be directly writeable by a user, even on its own
> > profile. Changing the j:nodename property, which is used by the default
> > login rule (could be any other property), could be a security issue.
> > Actually, the "merge" action should only be done on trusted properties that
> > would be read only, even for their owner. The "systemproperties" map could
> > be a good candidate. Currently the profile end point allows to completely
> > save a profile, this should be a little bit restricted.
> >
> > I also have another concern about profile merging - if a user logs in with
> > 2 different profiles (send 2 login events, with different usernames), both
> > profiles are merged. This can give some very unexpected results if you
> > share your computer with somebody ... Merging one anonymous profile with an
> > identified user makes sense, but merging 2 identified profiles looks rather
> > strange. I would rather switch profile in that case.
> >
> > What do you think?
> >
> > Regards
> >
> > thomas
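
The rules proposed in this thread, sketched together: a per-server token on login events, matching only on a read-only system property, and switching rather than merging when the session already belongs to an identified user. This is an added example, not code from the thread or from the project; the event fields, profile layout, token values and function names are all hypothetical.

```python
import hmac
import uuid

# Constructed sample secrets: one token per accepted server, not one shared token.
SERVER_TOKENS = {"cms-1": "constructed-token-cms", "crm-1": "constructed-token-crm"}

def sender_is_trusted(server_id, token):
    """Constant-time comparison of the presented token with that server's own token."""
    expected = SERVER_TOKENS.get(server_id)
    if expected is None or not isinstance(token, str):
        return False
    return hmac.compare_digest(expected.encode(), token.encode())

def find_by_login(profiles, login):
    """Match only on the read-only system property, never on client-writable ones."""
    return next((pid for pid, p in profiles.items()
                 if p["system"].get("login") == login), None)

def handle_login(event, profiles, session_pid):
    """Return (action, profile_id) for a login event received in a session."""
    if not sender_is_trusted(event.get("server_id"), event.get("token")):
        return ("rejected", session_pid)      # untrusted sender: nothing is merged
    login, current = event["login"], profiles[session_pid]
    target = find_by_login(profiles, login)
    if target == session_pid:
        return ("unchanged", session_pid)
    if current["system"].get("login"):
        # Session already belongs to an identified user: switch, never merge.
        if target is None:
            target = uuid.uuid4().hex
            profiles[target] = {"system": {"login": login}, "properties": {}}
        return ("switched", target)
    if target is None:
        current["system"]["login"] = login    # first login identifies the anonymous profile
        return ("identified", session_pid)
    # Anonymous into identified: values already on the identified profile win.
    for key, value in current["properties"].items():
        profiles[target]["properties"].setdefault(key, value)
    del profiles[session_pid]
    return ("merged", target)

if __name__ == "__main__":
    demo = {"anon": {"system": {}, "properties": {"lastPage": "/pricing"}},
            "p1": {"system": {"login": "alice"}, "properties": {}}}
    print(handle_login({"login": "alice", "server_id": "cms-1", "token": "guess"}, demo, "anon"))
    print(handle_login({"login": "alice", "server_id": "cms-1",
                        "token": "constructed-token-cms"}, demo, "anon"))
```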
