On Thu, Aug 28, 2008 at 11:23 PM, Giuseppe Scrivano
<address@hidden> wrote:
Alexandru IANCU wrote:
> What about security file being a routine? I mean what about giving up
> XML format and write conditions into a scripting language(tcl?!) and
> execute them from code? Why would we need to keep XML format for
> something that can be easily written and understood(by humans) into a
> scripting language?
Because in this way XML can't describe loops, give users the possibility
to write endless programs is dangerous.
Indeed is true, endless programs can cause serious security problems, but we can avoid this 2 ways:
1. simply disabling scripting features like loops -> use script validators(as you said in previous email). So if the script contain for or while statement will not be executed;
2. carefully handling script stack frame calls(stack frame < 2).
A security file is not used
only by the sysadmin by any person who has write access on the server,
for example in the home directories.
Moreover we use XML as it will be possible later to modify it with
external tools, it is not so difficult to understand a security file and
give the possibility to modify it with a GUI application. The same
can't be done with a scripting language.
Also true.
Script languages can't be put into a GUI in a resonable way but there is no need to have GUI when you edit scripts.
Moreover, they have 2 decisive the advantage over XML:
1. are concise and easily understood by humans. In other words, less redundancy more information.
Let's take an example: you have a composed condition from 3-4 simple conditions like this one:
...
<CONDITION name="Http.Host" value="localhost">
<DEFINE name="Http.Trace" value="NO" />
<RETURN value="ALLOW" />
</CONDITION>
<CONDITION name="User.name" value="root">
<RETURN value="ALLOW" />
</CONDITION>
<CONDITION_NOT name="User.name" value="Blackbeard">
<DEFINE name="Http.Trace" value="YES" />
</CONDITION_NOT>
<RETURN value="DENY" />
...
What are the chances to write all this without error and be able to focus on codition also. Or what are the chances when you read it to understand from the start what's there?
You'll definitelly need GUI to edit this because few users will accept to write so much text :)
2. we don't need to code the semantical pharser for this XML(less code => less bugs).
> if we decide to use scripts for rules validators will no longer be
> necessary. This would be another advantage to use a scriping language
> there. We can choose to use more scriping languages not only one.
> What do you think?
Yes, but it can be done by plugins. Because MyServer don't have any
built-in scripting language but they are offered as external modules.
As I wrote before, it can't be the default because offer scripting
possibility means everyone can break the server, it should be done only
when there is really understanding of the troubles it can give.
So we need validators again just to enable/disable script statements.
> if you really want to add this, ok but I think we can live without it
> for now :)
Yes but anyway it is not the most difficult part, we can generalize the
MIME reading code and reuse it here :)
Re-define MIME types is very important. The MIME types manager anyway
needs to be modified to support regex as well.
yes, sure
Regards,
Giuseppe
Andu.