From: Carlos P. <cpa...@ce...> - 2016-06-08 10:19:15
Hi Kalyani,

I hope you do not mind me posting my reply to the users mailing list. I think this is a topic that may interest other users as well, plus maybe other users have also implemented something apart from what is distributed in Taurus.

See the rest of my reply below your question:

On Wed 8 June 2016 10:59:30 Kalyani wrote:
> We need to implement authentication mechanism in our control system
> application based on TANGO framework. We are looking for user level
> access control (Access for device server, devices and commands) at
> TAURUS GUI level. Are there any tools or access control mechanism
> provided by TAURUS? Could you please share the details with us? It
> would be also helpful if you could share the details of any existing
> control system that uses access control. It would be great help for
> us.

There are a few related mechanisms:

- You can interface with the Tango Access Control [1] via Taurus, but there are no specific taurus widgets for that (although maybe someone has already implemented them on their own).
- TaurusGui [2] provides the "lock view" mechanism (to prevent inadvertent changes of appearance) as well as perspectives (which can be used for providing "basic" and "expert" modes in the GUI).
- You can use filters in TaurusAttributeForm and TaurusCommandForm to avoid showing controls for arbitrary attributes or commands [3].
- There is the TaurusLockButton [4] and the TangoDevice lock API [5].

BUT, if what you are after is some kind of user authentication mechanism *at Taurus GUI level* that requires the user to authenticate before he/she can access a resource (e.g. to write to a certain attribute) and/or access parts of a GUI (e.g., to switch to a certain perspective, or to unlock the view), then you need to first consider the kind of (ab)use you want to protect against:

a) Unintentional access to resources (aka "dumb user inadvertently messing with some critical component")
b) Non-malicious but intentional attempt to bypass Taurus-based restrictions
c) Malicious attempts to disrupt/abuse the system

Protecting against c) is, IMHO, impossible in a Tango-based system. Tango is "by design" insecure (communications are not authenticated or otherwise protected, so they can be eavesdropped and tampered with). See [1].

Protecting against b) **may** be possible but **only at Tango level** (i.e. using Tango Access Control). But note that this would be a protection at Tango level, not at Taurus GUI level. Keep in mind that a user facing a restriction in a Taurus GUI can always just copy the GUI code, edit it to bypass the restriction and run the modified code instead of the original. Furthermore, a user could just use PyTango, or jive to circumvent any Taurus-imposed restrictions.

So, this leaves us with only a) as a realistic "threat" to protect against at the Taurus level. And IMHO, confirmation messages that require some sort of "captcha" (e.g.: "This may be dangerous. To confirm that you are really sure, please type 'yes please let me do it'") are more effective and easier to implement in this case than user authentication mechanisms.

But if someone insists on going the "user authentication way", I would suggest using any of the existing Python modules to interact with the OS authentication mechanisms (python-ldap, python-pam, etc.) rather than implementing a naive home-made solution which may end up being a source of leaked passwords and give a false security feeling.

I hope this answer is useful. Note that I may have overlooked something. Please send any comments by replying on the mailing list.

Cheers,

Carlos

[1] See section 3.7 of http://ftp.esrf.fr/pub/cs/tango/tango_92.pdf
[2] http://www.taurus-scada.org/en/stable/users/ui/taurusgui.html#re-arranging-panels-moving-resizing-hiding
[3] http://www.taurus-scada.org/en/stable/devel/api/taurus/qt/qtgui/panel/_TaurusAttrForm.html#taurus.qt.qtgui.panel.TaurusAttrForm
[4] http://www.taurus-scada.org/en/stable/devel/api/taurus/qt/qtgui/button/_TaurusLockButton.html
[5] http://www.taurus-scada.org/en/stable/devel/api/taurus/core/tango/_TangoDevice.html

--
+----------------------------------------------------+
Carlos Pascual Izarra
Scientific Software Coordinator
Computing Division
ALBA Synchrotron [http://www.albasynchrotron.es]
Carrer de la Llum 2-26
E-08290 Cerdanyola del Valles (Barcelona), Spain
E-mail: cpa...@ce...
Phone: +34 93 592 4428
+----------------------------------------------------+
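
The typed-confirmation prompt suggested in the message above, sketched as an added example that is not part of the original post and is not Taurus code. The names `require_typed_confirmation`, `NotConfirmed` and `demo` are hypothetical, and a plain dict stands in for a device attribute.

```python
import functools
import logging
from typing import Callable

log = logging.getLogger("confirm_guard")

class NotConfirmed(Exception):
    """The operator did not type the confirmation phrase."""

def require_typed_confirmation(phrase: str, warning: str,
                               ask: Callable[[str], str] = input,
                               attempts: int = 2):
    """Hypothetical decorator: run the action only after `phrase` is typed.
    Covers inadvertent use only (case a). Someone who edits the GUI code
    or talks to the device directly (cases b, c) is not stopped by it.
    """
    def normalise(text: str) -> str:
        # Tolerate case and spacing slips; the goal is a deliberate pause.
        return " ".join(text.split()).casefold()

    def decorator(action):
        @functools.wraps(action)
        def guarded(*args, **kwargs):
            prompt = f"{warning} To confirm, please type '{phrase}': "
            for _ in range(attempts):
                if normalise(ask(prompt)) == normalise(phrase):
                    log.info("confirmed %s%r", action.__name__, args)
                    return action(*args, **kwargs)
            log.warning("not confirmed %s%r", action.__name__, args)
            raise NotConfirmed(action.__name__)
        return guarded
    return decorator

def demo(typed_answers):
    """Constructed demo: a dict stands in for a device attribute."""
    device = {"shutter_open": False}
    answers = iter(typed_answers)

    @require_typed_confirmation("yes please let me do it",
                                "This may be dangerous.",
                                ask=lambda prompt: next(answers))
    def open_shutter():
        device["shutter_open"] = True
    try:
        open_shutter()
    except NotConfirmed:
        pass
    return device["shutter_open"]
```

In a GUI the `ask` callable would be replaced by a text-input dialog; the log lines give an audit trail of confirmed and abandoned actions.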