I like this idea, and we can also enforce the security by adding a checkbox to explicitly save with programming rights (off by default).
Maybe not as good as signed scripts, but at least do-able quite easily and quickly.

Thanks,

2015-08-28 18:25 GMT+02:00 Caleb James DeLisle <[email protected]>:

> Hello All,
>
> It's been a long time since we first discussed hardening XWiki Programming Rights by way of signing scripts in the wiki. As I recall the idea was spawned some time around 2011 in a conversation between me and Denis but it has had difficulty getting off the ground. Alex Busenius and I worked together on an early crypto API for XWiki but we fell short on getting it tied in to the scripting infrastructure. Denis Gervalle picked up the task and redeveloped the crypto API but still had not been able to reach a consensus on how the Signed Scripts should operate.
>
> Thanks to James Kettle reporting some arguably-buggy behavior to us, I started thinking maybe there is an easier way. I would like to propose a more simple alternative to see if the community supports it.
>
> 1. Introduce a HAS_PR bit to XWikiDocument, if this bit is set then the document has programming rights.
>
> 2. Every time a document is saved (at the database level), if the contentAuthor does not have programming rights, we clear the bit.
>
> 3. The save action will set the bit if appropriate but other methods of saving a document will not (to prevent bad scripts from tricking users into granting PR).
>
> 4. Upon upgrade, we will do a database migration and any document which would have PR now will have the bit set.
>
> 5. XAR Exports will contain the value of the bit.
>
> The idea of the bit is that we can more clearly express intent, if we are quite sure that not only does the editor have PR but indeed they *want* to grant it to the script, only then do we set the bit. Furthermore the bit is resistant to shenanigans because it is inaccessible to velocity scripting, as is an XObject which could otherwise also be used for this purpose.
>
> The bit can reside in the XWD_ELEMENTS field of the xwikidoc table which is intended for this purpose.
>
> WDYT?
>
> Caleb
>
> _______________________________________________
> devs mailing list
> [email protected]
> http://lists.xwiki.org/mailman/listinfo/devs

--
Guillaume Delhumeau ([email protected])
Research & Development Engineer at XWiki SAS
Committer on the XWiki.org project
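
Steps 1 to 3 of the quoted proposal, combined with the opt-in checkbox suggested in the reply, as an added example that is not part of the thread and not XWiki code. The class, method and user names, the bit position, and the choice that an unchecked box clears an existing bit are all assumptions made for illustration.

```java
import java.util.Set;
// Hypothetical model of the proposal; none of these types are XWiki classes.
public class HasPrBitDemo {
    static final int HAS_PR = 1 << 0;                    // assumed bit position in the bitfield
    static final Set<String> PR_USERS = Set.of("Admin"); // assumed rights lookup

    static class Doc {
        String contentAuthor;
        int elements;                                    // stands in for XWD_ELEMENTS
        boolean hasPr() { return (elements & HAS_PR) != 0; }
    }

    // Step 2: runs on every save at the database level, whatever the caller.
    static void store(Doc doc) {
        if (!PR_USERS.contains(doc.contentAuthor)) {
            doc.elements &= ~HAS_PR;
        }
    }

    // Step 3 plus the reply's checkbox: the only path that can set the bit.
    // Assumption: saving with the box unchecked clears a previously set bit.
    static void saveAction(Doc doc, String user, boolean grantPrChecked) {
        doc.contentAuthor = user;
        if (grantPrChecked && PR_USERS.contains(user)) {
            doc.elements |= HAS_PR;
        } else {
            doc.elements &= ~HAS_PR;
        }
        store(doc);
    }

    // Any other save path, e.g. a script saving on behalf of the current user.
    static void scriptedSave(Doc doc, String user) {
        doc.contentAuthor = user;
        store(doc);
    }

    public static void main(String[] args) {
        Doc a = new Doc();
        saveAction(a, "Admin", true);
        System.out.println("explicit save by PR user:    " + a.hasPr());
        Doc b = new Doc();
        scriptedSave(b, "Admin");
        System.out.println("scripted save as PR user:    " + b.hasPr());
        scriptedSave(a, "Guest");
        System.out.println("later edit by non-PR user:   " + a.hasPr());
        Doc c = new Doc();
        saveAction(c, "Admin", false);
        System.out.println("PR user, box left unchecked: " + c.hasPr());
    }
}
```

Only the first case ends with the bit set: a scripted save under a privileged account never sets it, and any save whose contentAuthor lacks programming rights clears it at the storage layer.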

