[jifty-devel] load_by_cols and access control
Henry.Baragar at instantiated.ca
Tue Feb 27 10:47:17 EST 2007
On Tuesday, February 27 2007 09:53 am, Jesse Vincent wrote:
> On Tue, Feb 27, 2007 at 09:51:19AM -0500, Henry Baragar wrote:
> > Hello,
> > Is it the intention that load_by_cols (and id) bypass access control?
> > It surprised me, with my current_user_can definition, that I can load a
> > record (using load_by_cols) but not read any of the columns (other than
> > id). Is there a load_by_cols wrapper method, similar to _value(),
> > missing from Jifty::Record?
> Often times, the access control decisions depend on the content of the
> record (and there are other ways to load records).
OK, but load_by_cols could discard the data after examining it to determine that
access should be denied.
> What attack are you concerned about?
Auditors. I like that Jifty has fine-grained access control at the model level
and so do the auditors. I had assumed that the only methods that bypass
access control are the ones prefixed with "_" and that the only other way to
bypass access control was through the use of superuser. Now, I will
probably have to review all the Jifty::Record methods that we use and inform
the auditors as to which ones use access control and which ones don't.
Otherwise, because of my mistaken assumptions and the code we have developed
based on those assumptions, our application behaves unpredictably in corner
situations. At worst, this could open an avenue for attack; at best, it could
affect my reputation because my application appears to be flaky.
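One way to get the behaviour Henry proposes above (load the record, let the policy inspect it, then discard it if access is denied), as an added Perl example that is not from this thread or from Jifty itself. It assumes a MyApp::Record base class, that Jifty::Record->new accepts a current_user argument, and that the model's own current_user_can('read') encodes the read policy:

```perl
package MyApp::Record;
use strict;
use warnings;
use base 'Jifty::Record';

# Hypothetical helper for application code: load by columns, then hand the
# record back only if the current user passes the model's 'read' check.
# A record the user may not read is discarded entirely (undef is returned),
# so callers never hold an object whose id is visible while every other
# column is hidden by _value().
sub load_readable_by_cols {
    my ( $class, $current_user, %cols ) = @_;

    # Load exactly as Jifty would; load_by_cols returns ($id, $message).
    my $record = $class->new( current_user => $current_user );
    my ( $id, $msg ) = $record->load_by_cols(%cols);
    return ( undef, $msg ) unless $id;

    # The policy runs against the fully loaded record, so a
    # current_user_can that looks at the record's contents still works.
    # Superuser bypass is whatever the model's current_user_can allows.
    return ( $record, 'ok' ) if $record->current_user_can('read');

    # Denied: drop the loaded object and report only the denial, so the
    # caller learns nothing about the record's columns.
    return ( undef, 'Permission denied' );
}

1;
```

Callers that use this helper instead of calling load_by_cols directly get one consistent answer (a readable record or nothing), which is the predictable behaviour the auditors are after.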
> > Regards,
> > Henry
> > _______________________________________________
> > jifty-devel mailing list
> > jifty-devel at lists.jifty.org
> > http://lists.jifty.org/cgi-bin/mailman/listinfo/jifty-devel