From: Adam R. <ad...@ex...> - 2012-02-05 22:53:10
Hey Everyone,

I have just merged the Security Branch into trunk as revision 15806. This is the latest round of security changes. The main things to look out for -

1) Permissions should now adhere to the Unix permissions model. All permission checks on core database operations should now be correct. I have documented these in $EXIST_HOME/webapp/security.xml in the 'Operational Permissions' section.

2) Permissions are now rigorously enforced, so if your application relied on lax permissions in eXist-db before then you will need to make some small changes.

3) The 'u' update flag has been removed. Update really always meant the same as Write anyway, so the Write flag covers all writes to Resources now. The execute 'x' flag replaces that. Execute controls the ability to a) enter a Collection (just like a folder in Unix) and b) execute an XQuery script (just like shell scripts and bins in Unix).

4) Default permissions now follow the Unix model of 755 for Collections, i.e. rwxr-xr-x (including /db), and 644 for Resources, i.e. rw-r--r--. There is the facility in place for a umask; I will begin to expose that along with setUID and setGID options in the near future.
NOTE - this means that XQuery scripts are no longer executable by default (from a security perspective, that's important!). You will need to set the 'x' flag on your XQuery scripts appropriately, so you can now control execution by Owner/Group/World/ACL.

5) Password hashing has changed from MD5 to RIPEMD-160. There are too many rainbow tables available for MD5, which makes revealing an MD5 password an absolute snip. RIPEMD-160 should be much tougher to crack, or calculate all permutations. Should anyone ask, I chose RIPEMD-160 over SHA-256 because of political concerns.

6) ACLs and ACEs are done. These will be demo'd in Prague at the eXist-db meetup day and written up shortly after.

7) eXist-db is now multi-realm. As such you can authenticate users from disparate sources transparently. There is now decent support for LDAP (including Active Directory) and embryonic support for OpenID and OAuth. These will also be documented in the near future.

8) There is a new SecurityManager XQuery module of functions. This should be considered the module to use for security, user and permission operations. The equivalent functions in the XMLDB Module are deprecated and any remaining functions will be moved into this module in the near future.

If you want to help... I need testing and feedback please :-)

--
Adam Retter
eXist Developer
{ United Kingdom }
ad...@ex...
irc://irc.freenode.net/existdb
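The effect of items 3 and 4 on an existing application, as an added example that is not part of the original message and not eXist-db code: a small Python model of the owner/group/world check, applied to a constructed collection tree with the announced 755/644 defaults. The names `Node`, `User`, `allowed`, `can_access` and `with_mode` are hypothetical, and the model assumes plain Unix semantics (one class is selected per user; ACLs, umask, setUID/setGID and administrator overrides are not modelled).

```python
# Illustrative model of the Unix-style checks described in the announcement.
# Not eXist-db code; all class and function names are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    owner: str
    group: str
    mode: str  # nine characters, e.g. "rwxr-xr-x"

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset

def allowed(user, node, flag):
    """Select exactly one class (owner, else group, else world) and test the flag."""
    if user.name == node.owner:
        triplet = node.mode[0:3]
    elif node.group in user.groups:
        triplet = node.mode[3:6]
    else:
        triplet = node.mode[6:9]
    return flag in triplet

def can_access(user, tree, path, flag):
    """Require 'x' on every ancestor Collection, then `flag` on the target."""
    parts = path.strip("/").split("/")
    for i in range(1, len(parts)):
        if not allowed(user, tree["/" + "/".join(parts[:i])], "x"):
            return False
    return allowed(user, tree[path], flag)

def with_mode(tree, path, mode):
    """Return a copy of the tree with one node's mode changed (a chmod)."""
    node = tree[path]
    return {**tree, path: Node(node.owner, node.group, mode)}

# Constructed sample database: Collections at 755, Resources at 644 (item 4),
# plus one Collection its owner has locked down to 700.
TREE = {
    "/db": Node("admin", "dba", "rwxr-xr-x"),
    "/db/app": Node("alice", "dev", "rwxr-xr-x"),
    "/db/app/report.xq": Node("alice", "dev", "rw-r--r--"),
    "/db/private": Node("alice", "dev", "rwx------"),
    "/db/private/notes.xml": Node("alice", "dev", "rw-r--r--"),
}
ALICE = User("alice", frozenset({"dev"}))
BOB = User("bob", frozenset({"dev"}))
GUEST = User("guest", frozenset({"guest"}))
```

Under the defaults even the owner cannot execute `report.xq`, and a world-readable resource inside a Collection without world 'x' is unreachable for other users.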