Menu
▾
▴
[Exist-open] [HEADS-UP] Merge in of Security Branch
|
From: Adam R. <ad...@ex...> - 2012-02-05 22:53:10
|
Hey Everyone,
I have just merged the Security Branch into trunk as revision 15806.
This is the latest round of security changes. The main things to look
out for -
1) Permissions should now adhere to the Unix permissions model. All
permission checks on core database operations should now be correct. I
have documented these in $EXIST_HOME/webapp/security.xml in the
'Operational Permissions' section.
2) Permissions are now rigorously enforced, so if your application
relied on lax permissions in eXist-db before then you will need to
make some small changes.
3) The 'u' update flag has been removed. Update really always meant
the same as Write anyway, so the Write flag covers all writes to
Resources now. The execute 'x' flag replaces that. Execute controls
the ability to a) Enter a Collection (just like a folder in Unix) and
b) to execute an XQuery script (just like shell scripts and bin's in
Unix).
4) Default permissions now follow the Unix model of 755 for
Collections i.e. rwxr-xr-x (including /db) and 644 for Resources i.e.
rw-r--r--
There is the facility in place for a umask, I will begin to expose
that along with setUID and setGID options in the near future.
NOTE - this means that XQuery scripts are no longer executable by
default (from a security perspective, thats important!). You will need
to set the 'x' flag on your XQuery scripts appropriately, so you can
now control execution by Owner/Group/World/ACL.
5) Password hashing has changed from MD5 to RIPEMD-160. There are too
many rainbow tables available for MD5, which makes revealing an MD5
password an absolute snip. RIPEMD-160 should be much tougher to crack,
or calculate all permutations. Should anyone ask, I chose RIPEMD-160
over SHA-256 because of political concerns.
6) ACLs and ACEs are done. These will be demo'd in Prague at the
eXist-db meetup day and written up shortly after.
7) eXist-db is now multi-realm. As such you can authenticate users
from disparate sources transparently. There is now decent support for
LDAP (including Active Directory) and embryonic support for OpenID and
OAuth. These will also be documented in the near future.
8) There is a new SecurityManager XQuery module of functions. This
should be considered the module to use for security, user and
permission operations. The equivalent functions in the XMLDB Module
are deprecated and any remaining functions will be moved into this
module in the near future.
If you want to help... I need testing and feedback please :-)
--
Adam Retter
eXist Developer
{ United Kingdom }
ad...@ex...
irc://irc.freenode.net/existdb
|