phpgroupware-users

Re: [Phpgroupware-users] New version of Hamoa (v. 1.0ß)


From: Jamie Lawrence
Subject: Re: [Phpgroupware-users] New version of Hamoa (v. 1.0ß)
Date: Mon, 3 Feb 2003 14:30:45 -0500
User-agent: Mutt/1.5.3i

On Mon, 03 Feb 2003, Alexandros Gougousoudis wrote:

> Hi Chris,
> 
> > If I understand correctly, this requires me basically to give
> > every workstation
> 
> The problem is that it must be possible for a client to delete an event via
> ODBC. But you're right, the security model is still not thought through to
> the end; we'll do better later.

[...]

Hi -

I'm not a contributor to PHPgw, although we do use a heavily modified
version (sorry we don't give back much - we don't have the time to take
part).

Just wanted to say that if you're building an application with security
requirements, this is exactly the wrong way to go about it. While there
is no One True Methodology, a couple of things stand out, both in my
experience and in the literature:

 - Understand the threat model. This is economics, and probably won't be
   a useful topic of conversation here.

 - Model inputs. Understand the methods of submission and know ahead of
   time what you're going to do with them. (Some other axioms come out
   of this, along the lines of "reject what is not explicitly allowed"
   and "know the interactions between different realms of code". Threat
   modeling comes into this.)

 - Code for least privilege. This is less useful in a groupware
   application striving for usability, but is all the more important in
   that context.

I'm just trying to provide constructive hints. Perhaps if you need to
provide ODBC, a separate user group with specific restrictions could be
used for those specific actions (I'm not sure MySQL provides this -
I'm used to Postgres).

Just a thought.

-j



-- 
Jamie Lawrence                                        address@hidden
"If I were Jimmy Carter, I wouldn't let Elizabeth Taylor anywhere
near a hammer."
   - Kimberly Peterson
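The "separate user group with specific restrictions" suggested above, worked through for PostgreSQL as an added example. This is not code from the original message or from phpGroupWare; the table `phpgw_cal` with columns `cal_id` and `cal_owner`, the mapping table `odbc_accounts`, the role `odbc_client` and the function `delete_own_event` are all assumed for illustration. The idea is that the ODBC login gets no table privileges at all and can only call one SECURITY DEFINER function that deletes a single event, and only if that event is owned by the phpGroupWare account mapped to the connecting database role.

```sql
-- Added example (not from the original message or phpGroupWare).
-- All object names below are assumptions for illustration.

-- 1. A login role for ODBC clients. It starts with no privileges on
--    the calendar table; "reject what is not explicitly allowed".
CREATE ROLE odbc_client LOGIN PASSWORD 'change-me';
GRANT USAGE ON SCHEMA public TO odbc_client;
REVOKE ALL ON phpgw_cal FROM odbc_client;   -- explicit, even if already absent

-- 2. Which database role maps to which phpGroupWare account.
--    (Assumed table; one PostgreSQL role per workstation user.)
CREATE TABLE odbc_accounts (
    role_name  name    PRIMARY KEY,   -- the PostgreSQL login role
    account_id integer NOT NULL       -- the phpGroupWare account it acts for
);
INSERT INTO odbc_accounts VALUES ('odbc_client', 7);   -- constructed sample row

-- 3. The only operation the ODBC role may perform on events.
--    SECURITY DEFINER: runs with the privileges of the function's owner
--    (who owns phpgw_cal), not of the caller. search_path is pinned so a
--    caller cannot shadow phpgw_cal or odbc_accounts with its own objects.
CREATE OR REPLACE FUNCTION delete_own_event(p_cal_id integer)
RETURNS boolean
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = public
AS $$
DECLARE
    n integer;
BEGIN
    -- session_user is the role that logged in. Inside a SECURITY DEFINER
    -- function current_user is the definer, so it must NOT be used here.
    DELETE FROM phpgw_cal c
     USING odbc_accounts a
     WHERE c.cal_id    = p_cal_id
       AND c.cal_owner = a.account_id
       AND a.role_name = session_user;
    GET DIAGNOSTICS n = ROW_COUNT;
    RETURN n = 1;   -- true only if exactly the caller's own event was removed
END;
$$;

-- 4. Nobody but the ODBC role may call it; PUBLIC gets EXECUTE by default.
REVOKE ALL ON FUNCTION delete_own_event(integer) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION delete_own_event(integer) TO odbc_client;

-- What the client sees over ODBC, connected as odbc_client:
--   SELECT delete_own_event(42);              -- true if event 42 is owned by account 7
--   SELECT delete_own_event(43);              -- false: not the caller's event, nothing deleted
--   DELETE FROM phpgw_cal WHERE cal_id = 43;  -- ERROR: permission denied for table phpgw_cal
--   SELECT * FROM phpgw_cal;                  -- ERROR: permission denied for table phpgw_cal
```

The ownership check lives in the database, next to the data, so it holds regardless of what the workstation sends; the client never gets a parameter that says "whose event this is". If workstations later need to read events too, grant the same role a narrow view or a second function rather than SELECT on the table. The same pattern works in MySQL with a stored procedure declared `SQL SECURITY DEFINER` and a user granted only EXECUTE on it, once the server is a version that supports stored procedures.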
