Re: [Exist-development] Security

[Hungerburg <pc...@my...>]

Thank you Adam for taking the time to justify your decision. I 
understand that it is not easy on anybody, to feel prommpted to justify 
one’s efforts.

I cannot argue about the cost of 256 vs 160 bytes per digest or 
processing power/number of instructions per digestification (what a 
funny word, should it be digestion :). I consider the SHA reference 
implementation fairly good documented though, and I believe in that it 
has gotten quite a lot of scrutiny by the experts in the field, and so 
it seemed wrong to me, to describe it in such a way.

Just like you, I think security has to be accounted for with a straight 
face. Why not provide the same security as a bank does, if it is 
affordable? World famous Bruce Schneier does not get tired of saying, 
that security is a trade-off. So,

I wish you all a happy bargaining in Prague.

While I will enjoy my beer at home, may I suggest two more points to the 
security debate (in the interest of the eXist project, in my humble view):

# Exposing all of db through the "apps" namespace in addition to the 
"rest" namespace, from the "security is a process" standpoint, does not 
look a good decision. MVC theory instead proposes, to store 
(confidential) data outside of the web-root.

# I have the gut feeling, that by requesting a restricted resource from 
"rest" space, thereby adding credentials via http-auth, that this 
creates a server side session, allowing me to browse "admin.xql" without 
being prompted for login. Rest is said to be stateless, though.

I hope, this sounds sufficiently sober to be considered.

Yours

Peter