[jifty-devel] load_by_cols and access control

Henry Baragar Henry.Baragar at instantiated.ca
Tue Feb 27 10:47:17 EST 2007


On Tuesday, February 27 2007 09:53 am, Jesse Vincent wrote:
> On Tue, Feb 27, 2007 at 09:51:19AM -0500, Henry Baragar wrote:
> > Hello,
> >
> > Is it the intention that load_by_cols (and id) bypass access control?
> >
> > It surprised me, with my current_user_can definition, that I can load a
> > record (using load_by_cols) but not read any of the columns (other than
> > id).  Is there a load_by_cols wrapper method, similar to _value(),
> > missing from Jifty::Record?
>
> Often times, the access control decisions depend on the content of the
> record (and there are other ways to load records). 
>
OK, but load_by_cols could discard the data after examining it to determine that 
access should be denied.

> What attack are you concerned about?
>
Auditors.  I like that Jifty has fine grain access control at the model level 
and so do the auditors.  I had assumed that the only methods that bypass 
access control are the ones prefixed with "_" and that the only other way to 
bypass access control was through the use of superuser.  Now, I will 
probably have to review all the Jifty::Record methods that we use and inform 
the auditors as to which ones use access control and which ones don't.

Otherwise, because of my mistaken assumptions and the code we have developed 
based on those assumptions, our application behaves unpredictably in corner 
situations.  At worst, this could open an avenue for attack; at best, it could 
affect my reputation because my application appears to be flaky.

Regards,
Henry

> > Regards,
> > Henry
> > _______________________________________________
> > jifty-devel mailing list
> > jifty-devel at lists.jifty.org
> > http://lists.jifty.org/cgi-bin/mailman/listinfo/jifty-devel
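One way to build the wrapper Henry asks for, as an added example (not code from the thread or from Jifty itself): a class method that loads through the unchecked load_by_cols, then applies the model's current_user_can('read') and hands back nothing when the check fails, so the access decision can still depend on the record's contents. Jifty->log, Jifty->web->current_user, current_user->id and the MyApp::Record / MyApp::Model::Widget names are assumptions.

```perl
package MyApp::Record;
use strict;
use warnings;
use base 'Jifty::Record';

# Hypothetical helper, added for illustration; not part of Jifty.
# load_by_cols performs no rights check, so a caller who gets a
# populated object back can read its id even when every other column
# is hidden by current_user_can. This wrapper makes the read decision
# *after* the load (it may depend on the row's contents) and discards
# the loaded record on denial, so nothing from the row reaches the
# caller.
sub load_by_cols_checked {
    my ( $class, %args ) = @_;
    my $current_user = delete $args{current_user};

    my $rec = $class->new( current_user => $current_user );
    my ( $id, $msg ) = $rec->load_by_cols(%args);
    return ( undef, $msg ) unless $id;    # no such row, or DB error

    unless ( $rec->current_user_can('read') ) {
        # Audit-log the refusal so reviewers can see denied loads;
        # $rec goes out of scope here and is never returned.
        my $who = defined $current_user->id ? $current_user->id : 'anon';
        Jifty->log->warn(
            sprintf "read denied: %s #%d for user %s", $class, $id, $who );
        return ( undef, 'Permission denied' );
    }
    return ( $rec, 'Found' );
}

# Usage, from a model class MyApp::Model::Widget that inherits from
# MyApp::Record (constructed example):
#   my ( $widget, $msg ) = MyApp::Model::Widget->load_by_cols_checked(
#       current_user => Jifty->web->current_user,
#       name         => 'gizmo',
#   );
#   die $msg unless $widget;   # 'Permission denied' or a load error

1;
```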

