On Wednesday 24 February 2010 15:29:23, Josef Reidinger wrote:
[...]
> > From a security point of view it is important to have a complete code
> > coverage of RBAC to avoid bypassing the ACLs by using another interface
> > (RESTful vs. UI vs. ...) or delegating an automatic and user-defined task
> > to the web-application which is then executed with the role of the
> > web-app, not with the role of the web-yast user (something equal to a cron
> > job).
>
> Because RBAC is just an interface and inside it is about distributing
> permissions, it works like now: users have individual permissions. Just the
> administrator manages them with roles and does not directly touch each
> permission. So another interface cannot bypass these permissions.
Then let me reword my statement: From a security point of view it is important to have complete code coverage of permission checks to avoid bypassing the ACLs by using another interface ...

Bye
Thomas

--
Thomas Biege <[email protected]>, SUSE LINUX, Security Support & Auditing
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
Whoever stops wanting to get better stops being good. -- Marie von Ebner-Eschenbach
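The point both messages circle, one permission check in the service layer that every interface and every delegated task has to pass through, as an added example that is not WebYaST code; the role names, permission strings, `Principal` and `DeferredJob` are all hypothetical.

```python
from functools import wraps
# Roles only group permissions; checks are always against the individual
# permission, as Josef describes. The role/permission names are constructed.
ROLE_PERMISSIONS = {
    "admin": {"services.restart", "users.write"},
    "operator": {"services.restart"},
}

class PermissionDenied(Exception):
    pass
class Principal:
    def __init__(self, name, roles):
        self.name, self.roles = name, frozenset(roles)
    def permissions(self):
        return set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in self.roles))

# The web-app's own identity carries no user permissions, so a task that
# runs "as the web-app" fails the check instead of silently escalating.
SERVICE_ACCOUNT = Principal("webyast", ())

def requires(permission):
    """Enforce in the service layer, beneath every UI or REST handler."""
    def deco(fn):
        @wraps(fn)
        def wrapper(principal, *args, **kwargs):
            if permission not in principal.permissions():
                raise PermissionDenied(f"{principal.name} lacks {permission}")
            return fn(principal, *args, **kwargs)
        return wrapper
    return deco

@requires("services.restart")
def restart_service(principal, name):
    return f"{name} restarted by {principal.name}"

# Both interfaces delegate to the same checked function: neither can bypass it.
def rest_restart(principal, name):
    return restart_service(principal, name)

def ui_restart(principal, name):
    return restart_service(principal, name)

class DeferredJob:
    """A cron-like task keeps the requesting user's principal, not the
    web-app's, so the check is re-evaluated with the user's role when it runs."""
    def __init__(self, principal, fn, *args):
        self.principal, self.fn, self.args = principal, fn, args
    def run(self):
        return self.fn(self.principal, *self.args)
```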
