From: Harmeet B. <ha...@ko...> - 2002-11-20 04:55:11
From: Lane Sharman
Anytime you give someone the ability to write script, java, etc with server-side evaluation, you open up some big security issues no matter what the restrictions, limitations, and definitions.

[Harmeet] Agreed, but if one can tighten things up sufficiently, it may work out ok. In the end security has to be weighed against cost of security. Trying to find sufficient security without high cost.

From: Lane Sharman
In my view, as an ISP, I would be very cautious about running a container supporting 2 or more distinct and independently written servlet applications. Mostly, inadvertent side-effects but some malicious stuff too. Uploading a script to run compounds the security problem. Better to have their own dedicated container. Better still to have their own host.

[Harmeet] Again agreed, but the attempt is to provide some form of db access to individual users and small organizations. The number of potential users per box could be ~1000. The hosting software is Java. Allowing CGI/Perl out of process would be worse. It may be difficult to manage, high cost, and difficult to secure (need to limit access to file system). It may also not work well on Windows (unfortunately needed). Machine/process per container per user is too costly.

I was thinking of providing a subset of webmacro facilities for simple, limited template scripting. A db connection would be available via context for the template. This would allow a user to create simple db apps like address book, bug tracking, faq etc.

What I need to know is
- What is the right web macro subset to expose
- Are there any notes/documentation on web macro and web application security, esp. in an environment where anyone can access and create dynamic but simple web applications.

Any information, experience, notes would be highly appreciated.

thanks,
Harmeet

----- Original Message -----
From: Lane Sharman
To: Harmeet Bedi
Cc: webmacro-user
Sent: Monday, November 18, 2002 11:18 PM
Subject: Re: [WebMacro-user] questions on macros directive

Harmeet,

Anytime you give someone the ability to write script, java, etc with server-side evaluation, you open up some big security issues no matter what the restrictions, limitations, and definitions.

In my view, as an ISP, I would be very cautious about running a container supporting 2 or more distinct and independently written servlet applications. Mostly, inadvertent side-effects but some malicious stuff too. Uploading a script to run compounds the security problem. Better to have their own dedicated container. Better still to have their own host.

-lane

Harmeet Bedi wrote:

> Will it be possible to write recursive macros?

If the macros can be evaluated in such a way that they terminate at compile time, yes.

> Would it be possible to have some example of safe but recursive macro? I feel that macro directive call graph and recursive calls could be abused by a malicious person. Is this likely? Is it possible to provide a way to limit macros to make them safer?
>
> Can wm templates be used as part of a hosting solution? Can one provide ability to add wm templates but somehow restrict the person uploading wm templates from bringing down the container. With 1.0, I was thinking that restricting available Java packages and disallowing the include directive could do the trick. Is this true? Does it make sense? Is this in line with web macro use case?
>
> Appreciate your help. I have been using webmacro a little bit for a year but don't know enough about it. One thing that would help (at least) me a lot would be some documentation on web application security with web macro.
>
> thanks,
> Harmeet
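The two controls the thread circles around (rejecting the include directive and bounding what the macro call graph can do) can be applied to a template before it is installed. The following pre-upload check is an added example for this page, not WebMacro's own parser or API; the `#macro name(args) { body }` syntax, the directive allowlist and the depth limit are assumptions, and the sample templates in comments are constructed.

```python
import re
# Allowed directives for tenant templates (assumed policy): #include, which
# reads files from the container's file system, is deliberately absent.
ALLOWED_DIRECTIVES = {"set", "if", "elseif", "else", "end", "foreach", "macro"}
MAX_MACRO_DEPTH = 4  # longest accepted macro-call chain (assumed policy)
# Assumed, simplified syntax: "#macro name(args) { body }", calls "#name(...)".
_DIRECTIVE = re.compile(r"#(\w+)")
_MACRO_DEF = re.compile(r"#macro\s+(\w+)\s*\([^)]*\)\s*\{(.*?)\}", re.S)

def macro_call_graph(template):
    """Map each macro defined in the template to the macros its body calls."""
    defs = dict(_MACRO_DEF.findall(template))
    return {name: {d for d in _DIRECTIVE.findall(body) if d in defs}
            for name, body in defs.items()}

def max_call_depth(graph):
    """Longest call chain in the graph, or None if any macro is recursive."""
    done = {}  # macro -> chain depth, memoised once its callees are explored
    def depth(node, path):
        if node in path:
            return None  # back edge: the macro (indirectly) calls itself
        if node not in done:
            best = 1
            for callee in graph[node]:
                d = depth(callee, path | {node})
                if d is None:
                    return None
                best = max(best, d + 1)
            done[node] = best
        return done[node]
    worst = 0
    for name in graph:
        d = depth(name, frozenset())
        if d is None:
            return None
        worst = max(worst, d)
    return worst

def check_template(template):
    """Policy violations for an uploaded template; an empty list means accept."""
    graph = macro_call_graph(template)
    problems = [f"directive #{d} is not allowed"
                for d in _DIRECTIVE.findall(template)
                if d not in ALLOWED_DIRECTIVES and d not in graph]
    depth = max_call_depth(graph)
    if depth is None:
        problems.append("recursive macro call graph")
    elif depth > MAX_MACRO_DEPTH:
        problems.append(f"macro call depth {depth} exceeds {MAX_MACRO_DEPTH}")
    return problems
```

A template such as `#macro a() { #b() }` followed by `#macro b() { #a() }` is refused for recursion, and any `#include` line is reported regardless of where it appears.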