Re: [Ganglia-developers] Web 2.0 UI code freeze

2011-04-14 Thread Alex Dean 
Here's what I've been working on:

1. Create a login.php script.  This is protected by Apache authentication so 
you can use htpasswd, LDAP, or whatever you want for authentication.  If you're 
able to access this page, your username + a shared secret is hashed  stored in 
a cookie.  The shared secret is stored in Apache config ('SetEnv ganglia-secret 
myreallysecretphrase'), so it can be read only by root.  Users w/o root access 
could still set it in .htaccess, but it wouldn't be as secure.

2. Using Zend_Acl to set up access controls.
 - Anyone can view any public cluster without logging in.
 - Private clusters don't appear until you log in and have permissions to view 
them.
 - You cannot save views or otherwise make changes unless you log in and have 
appropriate permissions.
Basically, there are only 'view' and 'edit' privileges, applied on a 
per-cluster basis.  There's a 'guest' role which applies if you're not 
authenticated, and there's an 'admin' role which has full access.

3. A ganglia-specific authorization system compares your cookie to the Zend_Acl 
list, and decides whether you can or can't do a certain thing.

4. User-editable files like view definitions get moved to 
/var/lib/ganglia/data.  Keeping them out of the web root reduces the danger if 
the code which does the writing is ever exploited.

I've got a lot of this created.  It's rough, but coming together fairly quickly.

Should we maybe release a 'preview' of the new web UI without this stuff?  I 
agree we should get the new UI out in front of more people.  But I do also 
think we need to address the security implications of what we've currently got 
before making an official release.

thoughts?

alex
--
Benefiting from Server Virtualization: Beyond Initial Workload 
Consolidation -- Increasing the use of server virtualization is a top
priority.Virtualization can reduce costs, simplify management, and improve 
application availability and disaster protection. Learn more about boosting 
the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev
___
Ganglia-developers mailing list
Ganglia-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ganglia-developers

Re: [Ganglia-developers] Web 2.0 UI code freeze

2011-04-14 Thread Vladimir Vuksan 

Seems like a plausible approach. I'd like to see a working version of it
:-). We should really classify usage scenarios ie.

1. Ganglia behind the firewall no access controls needed or Ganglia
protected using Basic Auth
2. Grainy access controls like the ones you have outlined

Beyond that we have potential issues like

1. Whether person has access sanitize input. Exposure here is on the Edit
Optional Graphs and Views and using things like ../.. etc. I already have
parts of input sanitization in edit optional graphs. 
2. XSS and CSRF are dangers with XSS likely easy to fix.

Vladimir

On Thu, 14 Apr 2011 10:17:24 -0500, Alex Dean a...@crackpot.org wrote:
 Here's what I've been working on:
 
 1. Create a login.php script.  This is protected by Apache
authentication
 so you can use htpasswd, LDAP, or whatever you want for authentication. 
If
 you're able to access this page, your username + a shared secret is
hashed
  stored in a cookie.  The shared secret is stored in Apache config
 ('SetEnv ganglia-secret myreallysecretphrase'), so it can be read only
by
 root.  Users w/o root access could still set it in .htaccess, but it
 wouldn't be as secure.
 
 2. Using Zend_Acl to set up access controls.
  - Anyone can view any public cluster without logging in.
  - Private clusters don't appear until you log in and have permissions
to
  view them.
  - You cannot save views or otherwise make changes unless you log in and
  have appropriate permissions.
 Basically, there are only 'view' and 'edit' privileges, applied on a
 per-cluster basis.  There's a 'guest' role which applies if you're not
 authenticated, and there's an 'admin' role which has full access.
 
 3. A ganglia-specific authorization system compares your cookie to the
 Zend_Acl list, and decides whether you can or can't do a certain thing.
 
 4. User-editable files like view definitions get moved to
 /var/lib/ganglia/data.  Keeping them out of the web root reduces the
danger
 if the code which does the writing is ever exploited.
 
 I've got a lot of this created.  It's rough, but coming together fairly
 quickly.
 
 Should we maybe release a 'preview' of the new web UI without this
stuff? 
 I agree we should get the new UI out in front of more people.  But I do
 also think we need to address the security implications of what we've
 currently got before making an official release.
 
 thoughts?
 
 alex

--
 Benefiting from Server Virtualization: Beyond Initial Workload 
 Consolidation -- Increasing the use of server virtualization is a top
 priority.Virtualization can reduce costs, simplify management, and
improve 
 application availability and disaster protection. Learn more about
 boosting 
 the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev
 ___
 Ganglia-developers mailing list
 Ganglia-developers@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/ganglia-developers

--
Benefiting from Server Virtualization: Beyond Initial Workload 
Consolidation -- Increasing the use of server virtualization is a top
priority.Virtualization can reduce costs, simplify management, and improve 
application availability and disaster protection. Learn more about boosting 
the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev
___
Ganglia-developers mailing list
Ganglia-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ganglia-developers