On 23 Jun 2009, at 14:06, Felix Meschberger wrote:
Hi,
Ian Boston wrote:
On 23 Jun 2009, at 12:28, Bertrand Delacretaz wrote:
Although Sling might choose to ignore this, I/we (sakai) are going to need to do something since all our users have write access to the repo, and at least 10% of them are Computer Science first year students just itching to prove their prowess by hacking/defacing an institutional system :)
Brings back memories ;-)
If we're using a distinct session for script resolution, we might want to make its credentials configurable, and set up that user to see scripts only under /libs and /apps. Would that suit your needs?
yes, certainly would,
We already have a "securityloader" along the same lines as the "contentloader", so configuration of that would be easy for us.
The first step will be to use an admin session to access the scripts. So you may lock down read-access on these areas, where you deem read-access is not suitable.
Forgive me, this might sound dumb (and it won't be the first time).
If the admin session is used to *load* scripts for execution, then surely it can load scripts from anywhere?
I agree users won't be able to write or read scripts in the special area... but my concern is not stopping them reading scripts that might run, or uploading scripts to somewhere where they can write, but to stop untrusted scripts from executing.
In the absence of any other control, the admin session will allow execution of all scripts on the content system.
Please tell me I have missed something, and I am being dumb :)
Ian
Of course, extending this to be able to provide configuration with credentials of a user to use to access the scripts is simple.
Regards
Felix
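The point Ian raises is that the credentials used to *read* a script do not decide whether it may *execute*; that decision has to come from where the script was found. The following is an added example, not Sling or Sakai code and not Sling's API: a minimal script resolver over a constructed in-memory repository that only executes scripts located under the trusted roots /libs and /apps, whatever session (admin or otherwise) is used to read them. The path normalization guards the prefix check against a resource type value taken from user-writable content.

```python
# Added example (not Sling/Sakai code): execute-trust is a property of the
# script's location under /libs or /apps, not of the session that reads it.

# Constructed in-memory "repository": path -> script source
REPO = {
    "/libs/sling/default/GET.esp": "<%= 'default' %>",
    "/apps/sakai/page/GET.esp": "<%= 'sakai page' %>",
    "/content/users/student42/GET.esp": "<%= 'user content' %>",  # user-writable area
}

TRUSTED_ROOTS = ("/libs", "/apps")


def normalize(path):
    """Collapse '.', '..' and repeated slashes so a prefix check cannot be bypassed."""
    parts = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if parts:
                parts.pop()
            continue
        parts.append(seg)
    return "/" + "/".join(parts)


def is_trusted(path, roots=TRUSTED_ROOTS):
    """True only if the normalized path is a trusted root or lies strictly below one."""
    p = normalize(path)
    return any(p == root or p.startswith(root + "/") for root in roots)


def resolve_script(resource_type, method, repo=REPO, roots=TRUSTED_ROOTS):
    """Search <root>/<resource_type>/<METHOD>.esp in trusted roots only.

    resource_type may come from a property on user-writable content, so the
    candidate is normalized and re-checked before it is accepted."""
    for root in roots:
        candidate = normalize(root + "/" + resource_type + "/" + method + ".esp")
        if is_trusted(candidate, roots) and candidate in repo:
            return candidate
    return None


def load_script(path, repo=REPO, roots=TRUSTED_ROOTS):
    """The reading session may see the whole repository; the execute decision
    is the trust check on the location, not the session's read permission."""
    if not is_trusted(path, roots):
        raise PermissionError("refusing to execute script outside trusted roots: " + path)
    return repo[path]
```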