
Re: [Gnue-dev] Appserver/Common Issues


From: Derek Neighbors
Subject: Re: [Gnue-dev] Appserver/Common Issues
Date: 23 Nov 2002 12:20:32 -0700

> > I think there are some database systems that provide access control by

We cannot require this.  It goes against the 'mission statement' of the
project.  It would be far too limiting in database choices.

> > field.  If such a database system is available, I would recommend using it
> > to provide control of the price field. The implication for GNUe and
> > appserver is that the field would need to be traceable from the client side
> > through appserver to the database side.  I don't think that was guaranteed
> > in the old GEAS.  I hope it can be provided in appserver.
> 
> This could work if Appserver logged into the database using the user's
> username. However, our strategy will more probably be Appserver using
> its own logname to log into the database, and therefore having more
> access rights to the database than the user would have when accessing
> the database directly.

The security MUST be outside of appserver.  End of story.  The same
security must work the same for all products and it can NOT require
appserver.  

Security/Authentication should be happening inside of common.

> > Otherwise, the only way to provide the control is to do it by GNUe
> > functionality, recognizing (and telling prospective users) that the
> > security assurance of such an approach is likely to be less than in other
> > approaches.
> 
> If we want to remain portable and database independent, we don't have
> another choice IMHO than doing access control within Appserver. Whether
> this is secure or not only depends on the quality of our own code.

I agree; to remain portable and database independent, security will need
to reside in GNUe (it of course can 'use' other security features, but
can't 'demand them').  I do NOT think it should be in Appserver. It needs
to be in common.  Appserver then will use it like every other GNUe tool.

-- 
Derek Neighbors
GNU Enterprise
http://www.gnuenterprise.org
address@hidden

Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=dneighbo

Attachment: signature.asc
Description: This is a digitally signed message part
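
An added illustration of the layering argued for in the message above (not GNUe code and not from the author): a deny-by-default field-level write check that lives in one shared module and is called the same way by an application-server path and a direct forms path. All names (`FieldPolicy`, `guarded_update`, `appserver_update`, `two_tier_form_update`, the roles and the `item` table) are hypothetical.

```python
# Hypothetical sketch, not GNUe code: field-level write control in a shared
# ("common") module. The database is reached through one service account, so
# it cannot tell users apart and the check has to run before the write.
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """Raised when a caller may not write one or more fields."""


@dataclass
class FieldPolicy:
    # (table, field) -> roles allowed to write; unlisted fields are denied.
    write_roles: dict = field(default_factory=dict)

    def can_write(self, roles, table, fname):
        allowed = self.write_roles.get((table, fname))
        return allowed is not None and bool(allowed & set(roles))


def guarded_update(policy, user_roles, table, row, changes):
    """Shared entry point used by every front end."""
    denied = sorted(f for f in changes if not policy.can_write(user_roles, table, f))
    if denied:
        raise AccessDenied(f"{table}: no write access to {', '.join(denied)}")
    return {**row, **changes}


# Constructed sample policy: only pricing staff may change 'price'.
POLICY = FieldPolicy({
    ("item", "price"): {"pricing"},
    ("item", "description"): {"pricing", "clerk"},
})


def appserver_update(user_roles, row, changes):
    # Stand-in for an application-server request handler.
    return guarded_update(POLICY, user_roles, "item", row, changes)


def two_tier_form_update(user_roles, row, changes):
    # Stand-in for a forms client with no application server in between.
    return guarded_update(POLICY, user_roles, "item", row, changes)


if __name__ == "__main__":
    item = {"description": "widget", "price": 10}
    print(appserver_update(["pricing"], item, {"price": 12}))
    print(two_tier_form_update(["clerk"], item, {"description": "gadget"}))
```

A check of this kind is only as strong as the process it runs in: where the caller also holds the database credentials, the database's own grants remain the backstop.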

