Hi Chris,

>> Yes, but also not much use, IMO. It's about the same thing as storing
>> images as BLOB fields in a database as opposed to just dropping the images
>> into a directory as a jpg file and linking to it.
>
> There are some differences though. In general, if I put something
> that the web server needs *write* access on the filesystem, then I
> have to assume that it could be compromised, either by a bug in our
> software, or by a bug in other software running on the same web
> server. If we put it in the db, then the web server itself only has
> permission to access the file based on the credentials of the
> currently logged in user. I suspect that there may be some serious
> security gains if we can get to the point where the main application
> doesn't need write access to the filesystem at all.

What kind of security/access control does lsmb have now and how granular
is it? (Just a pointer to a document will suffice, thanks). Is it normally
set up to use ssl/tls or just basic authentication?

Where are PDF files created using LaTeX? (and associated work files)
Normally the latex 'compiler' needs write access in the filesystem.

> I don't actually think that all templates need to go in the db, just
> the user editable ones.
>
> One way or another, we have to have strong enforcement for HTML
> templates and these need to be sufficiently strong to prevent other
> web applications in the same server from being able to write to those
> files. The filesystem really isn't designed to do this,
> unfortunately.

Certainly. Just run a copy of Apache with a different UID/GID than any
others on the box and force the ownership/permissions to match.

>> This would also not be a 'good thing' for performance if there are already
>> concerns over lsmb performance and the use of mod_perl.
>
> Well, right now, the major performance concerns are in page load.
> This can be an issue if you have to worry about the responsiveness of
> an application for each line of a 100-line invoice you add. On the
> other hand, waiting an extra half-second for the template isn't the
> same sort of workflow bottleneck.

So the performance issues are in the database pulling up the invoice values?

> I am more worried about being able to exploit loadable templates in
> this way.

I don't understand what is exploitable about a template..(?) Sorry.

> I think restricting access in the db and sanitizing the
> template before it is saved (and the input before it is rendered) is
> likely to be the easiest and most robust way to prevent arbitrary
> malicious users from breaking into the application.

Hmm. Not sure about that, but again, I'm not clear about the issues.

Les

> But I am open to other suggestions.
>
> Best Wishes,
> Chris Travers

_______________________________________________
Ledger-smb-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel
