Menu
▾
▴
Re: [Exist-development] Security
|
From: Hungerburg <pc...@my...> - 2012-02-07 10:06:44
|
Am 2012-02-07 10:48, schrieb Thomas White: > > On 6 February 2012 23:14, Hungerburg <pc...@my... > <mailto:pc...@my...>> wrote: > > # Exposing all of db through the "apps" namespace in addition to the > "rest" namespace, from the "security is a process" standpoint, does not > look a good decision. MVC theory instead proposes, to store > (confidential) data outside of the web-root. > > > I agree to expose the whole db under /apps is not a very good idea. When > give access to the db we should limit it to a collection that is > dedicated for this purpose. Something like /db/apps. This way there will > be a clear separation between the data and the applications, nicely > located in a single place. The application's code will access the rest > of the db if and when needed in a controlled manner. The security consideration is that, when data is not reachable, except through the controller, the controller is not responsible for hiding the data. So there is one less mistake, a developer can make, eg. forgetting to shadow some part of db (rest space being disabled). Developers still can make mistakes... > So my proposition is to change the redirection /apps - > /db to /apps > -> /db/apps Of course, this will make app development trickier. A simple app migth still be deployed by unzipping files below a single root in /apps. Where sensitive data is handled, the app would be dual rooted then though. The public part below /apps and the private part below /db/foo for example. Path constructions get more cumbersome, relocating apps will be more difficult too, etc. But for eg. medical records or other personal data, this is a must, isnt it? -- peter |
