On Mon, Oct 25, 1999 at 06:12:12PM -0700, Jonothan Farr wrote:
> Issues to address: security (not as much of a problem as with my read/write product) The only security issue I've addressed is that '..' is not allowed as a directory name, it will throw a ValueError. Also, of course the Zope server has to have permissions to access any files that it tries to read through LocalFS. If anyone can think of any others please let me know.
I was planning on writing a product like this myself (but of course didn't quite get past just thinking about it in my head! I have so many projects like that!). What I was planning on doing for security was having an "access" file in the products directory that contained a list of directories and a list of the files (allowing wildcards) that you were allowed to access in _that_ directory. It was going to default to only letting you read txt and log files in the product directory itself (defined by .). You could also add roles to this file. Basically you would strip out any &;: and other weird characters from the directory name the product was trying to access and then, if it wasn't in the list, don't bother looking any further. If it was, then check that they are allowed to look at the file.

Basic reasoning is you do _not_ want people looking at any file they like (like config files and password files), so if the access restrictions are actually on your hard drive then if someone manages to crack your Zope installation and get management permissions on it they still can't access anything on your box unless they've cracked it independently.
> -jfarr
--
Evan ~ThunderFoot~ Gibson
~ nihil mutatem, omni deletum ~
May the machines watch over you with loving grace.
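The on-disk allowlist Evan sketches above, combined with the '..' rejection Jonothan already does in LocalFS, as an added illustration in modern Python. This is not code from either poster or from the LocalFS product; the access-file layout (directory, comma-separated roles, glob patterns), the role names, the sample rules and the character allowlist are all my assumptions.

```python
import fnmatch
import posixpath
import re

# Constructed sample "access" file (my own format, not LocalFS's):
# <directory> <roles,comma,separated> <allowed file patterns...>
# "." is the product directory itself.
ACCESS_FILE = """\
# directory  roles       allowed file patterns
.            Anonymous   *.txt *.log
docs         Anonymous   *.html *.txt
reports      Manager     *.csv
"""

# Anything outside this character set is treated as "weird" and refused
# outright, before any lookup happens. (Assumed allowlist.)
UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9._/-]")


def parse_access_file(text):
    """Parse the access file into {normalised_dir: (roles, patterns)}."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            raise ValueError("malformed access rule: %r" % line)
        directory, roles, patterns = parts[0], set(parts[1].split(",")), parts[2:]
        rules[posixpath.normpath(directory)] = (roles, patterns)
    return rules


def split_request(path):
    """Validate a requested relative path and return (directory, filename).

    Raises ValueError for absolute paths, empty paths, any '..' segment, or
    any character outside UNSAFE_CHARS's allowlist.
    """
    if UNSAFE_CHARS.search(path):
        raise ValueError("unsafe character in path: %r" % path)
    if path.startswith("/"):
        raise ValueError("absolute paths are not allowed: %r" % path)
    parts = [p for p in path.split("/") if p]
    if not parts:
        raise ValueError("empty path")
    if ".." in parts:
        raise ValueError("'..' is not allowed: %r" % path)
    directory = posixpath.normpath("/".join(parts[:-1])) if len(parts) > 1 else "."
    return directory, parts[-1]


def is_allowed(rules, path, user_roles):
    """True only if the directory is listed, a role matches and a pattern matches."""
    directory, filename = split_request(path)
    if directory not in rules:          # not listed: don't look any further
        return False
    roles, patterns = rules[directory]
    if not roles & set(user_roles):     # no permitted role for this directory
        return False
    return any(fnmatch.fnmatchcase(filename, p) for p in patterns)


def is_rejected(path):
    """True if the path is refused before any rule lookup (for tests/demos)."""
    try:
        split_request(path)
    except ValueError:
        return True
    return False


RULES = parse_access_file(ACCESS_FILE)

if __name__ == "__main__":
    for req, roles in [("readme.txt", ["Anonymous"]),
                       ("docs/index.html", ["Anonymous"]),
                       ("reports/q3.csv", ["Anonymous"]),
                       ("reports/q3.csv", ["Manager"]),
                       ("etc/passwd", ["Manager"])]:
        print(req, roles, "->", is_allowed(RULES, req, roles))
    for bad in ["../etc/passwd", "docs/../secret.txt", "docs/a;b.txt", "/etc/passwd"]:
        print(bad, "-> rejected:", is_rejected(bad))
```

Note that the directory list is exact rather than recursive: `docs/sub/notes.txt` is denied because `docs/sub` is not listed, which matches the "if it wasn't in the list, don't bother looking any further" rule. The role check happens per directory, so a Manager role on the Zope side still cannot reach a directory the file on disk does not grant.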