From: "Marcus Mendes" <[EMAIL PROTECTED]>

> Is it a security risk to leave the Zscheduler pack my Data.fs?

I don't have an answer, but I can clarify the risk. We can use packing
Data.fs as an example application, but the question about security is more

Xron (formerly ZScheduler) does not currently provide any features that deal
with security. Scheduled methods are called thru the interface
(i.e. by handing a URL to Zope as if it had come from a browser client).

For example, suppose you have a scheduled method "Packer" in the root folder
that calls the management method that packs your database. The URL that the
Dispatcher of Xron uses to execute that method is simply: is capable of passing authentication information in the request;
but because Xron does not (yet) supply authentication information, a
scheduled method must be executable by an unauthenticated user.

If the scheduled method performs any privileged functions, then the method
must have proxy roles that give it sufficient privilege. (I'm not sure what
role is required for manage_pack, but there must be one.)

Therefore, any user (who happens to know about your method and about Xron's
calling convention) can pack your Data.fs simply by keying into a browser.

Suppose an unscrupulous person (who happens to know about your method and
about Xron's calling convention) created a program that would make a request
to once every N seconds (easy to do
with Xron!). Could that bring your system to its knees? ...any worse so than
any other repeated request? I don't know the answer. If I were you I'd try
it out.

Can anyone see any other security vulnerabilities here?

I'd be glad to listen to well considered proposals for how Xron should
handle security.

-- Thanks
-- Loren

Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to