Brian Topping wrote:
We should think about this a bit.
I've added a Wiki page for a proposal to collect our thinking: http://www.rollerweblogger.org/wiki/Wiki.jsp?page=Proposal_ExternalAuthentication
It seems to me that this could be a good hole for a DOS attack if the authentication was compromised.
How is this situation any different from possible DOS (or worse) attacks if the current authentication is compromised? If you're using an external authentication server we can only assume that it is secure. (We need to make sure that whatever communication channel between Roller and the external auth server is secure -- *that* could result in an additional security weakness.) Am I missing something?
The other consideration for me was that all the information in the rolleruser table is (or can be) in LDAP. What does it mean if someone updates that information? Do we replicate it again? What is the trigger? etc...
These are good questions. Since I haven't really looked at the source I don't know the best answer (if there is a "best" answer) or even the tradeoffs. My inclinations at this time are to be pragmatic and come up with a solution that works well enough with minimum effort. For example: allow the duplication, but consider the LDAP/external server to be the master. Update the data whenever the user logs in or whenever an admin views that user in a Struts form. I suppose there could also be a read-only flag that applies to the user information.
-- Sean
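A sketch of the "external server is the master" approach Sean describes above, added here as an illustration rather than code from Roller: the directory record overwrites the mirrored local columns on every login, and the Struts edit path is refused while the read-only flag is set. The column names, the `read_only` flag and the in-memory `local_users` table are assumptions for this sketch.

```python
"""Sketch: replicate directory attributes into the local user table on login,
treating the external (LDAP) server as master. Not Roller's own code."""
from dataclasses import dataclass, replace

# Local user columns that are mirrored from the directory (assumed names).
MIRRORED_FIELDS = ("full_name", "email", "locale")


@dataclass(frozen=True)
class LocalUser:
    username: str
    full_name: str
    email: str
    locale: str
    read_only: bool = True  # profile is mastered in the directory, not locally


@dataclass
class SyncResult:
    user: LocalUser
    created: bool
    changed_fields: tuple


def sync_on_login(username, directory_attrs, local_users):
    """Run only after the external server has already authenticated `username`.
    The attributes come from the directory lookup, never from the login request,
    so a caller cannot pick its own email or display name. Creates the local row
    on first login and overwrites drifted mirrored columns afterwards."""
    missing = [f for f in MIRRORED_FIELDS if f not in directory_attrs]
    if missing:
        # Refuse to sync a half-populated record rather than blanking columns.
        raise ValueError(f"directory record for {username!r} lacks {missing}")
    existing = local_users.get(username)
    if existing is None:
        user = LocalUser(username=username,
                         **{f: directory_attrs[f] for f in MIRRORED_FIELDS})
        local_users[username] = user
        return SyncResult(user, created=True, changed_fields=tuple(MIRRORED_FIELDS))
    changes = {f: directory_attrs[f] for f in MIRRORED_FIELDS
               if getattr(existing, f) != directory_attrs[f]}
    if changes:
        existing = replace(existing, **changes)  # directory wins on conflict
        local_users[username] = existing
    return SyncResult(existing, created=False, changed_fields=tuple(sorted(changes)))


def update_profile_locally(username, local_users, **edits):
    """Edit path behind the admin/user form: refused while the row is read-only,
    so the local copy can never drift away from the master on its own."""
    user = local_users[username]
    if user.read_only:
        raise PermissionError(f"{username}: profile is mastered in the directory")
    local_users[username] = replace(user, **edits)
```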
