gnumed-devel

[Gnumed-devel] Re: multitaskhttpd experiment


From: Luke Kenneth Casson Leighton
Subject: [Gnumed-devel] Re: multitaskhttpd experiment
Date: Fri, 16 Jul 2010 10:47:47 +0000

sorry, jim, nabble acting up: had to extract this message from elsewhere

> Typically when a "web app" accesses a database, is the app granted explicit
> permissions equal or equivalent to the database owner (e.g. gm-dbo)?

 basically, in a "typical" web app, there _is_ no concept of "other
users", there _is_ no concept of "security" per se, because, well, the
web server is the only "user" of the database, right?  so, there is
only one username and one password, right?  the web server is the sole
exclusive means by which data will be presented to "real" users,
right?

 so why would you need, other than a single username and password, any
other kinds of "permissions"?

> If not explicit, does the app achieve it implicitly (functionally) on account
> of playing a pass-through role for all user sessions and credentials? Thereby
> presenting a locus of attack and takeover outside the control of the database?
> Is that the fundamental security vulnerability i.e. that "control" has been
> given away from the database?

 not quite.

 basically, by ignoring the security features of the database
entirely, you have gained the ability to use any kind of database (by
falling back to lowest common denominator), and if you now want to
implement any kind of security it must be done through the WEB
SERVICE.

 and typically this is implemented by using the only
permanently-accessible data storage mechanism available to the web
service: the database.

 typically this means creating a table full of users and passwords,
another table full of roles, another full of groups and so on.

 but if you look at something like Zope, the concept has been
abstracted out to the point where you can implement security in terms
of LDAP, or Active Directory or anything you like, really.

 not that i've explicitly looked, but i have never encountered a web
framework, in ten years, which actually uses the security mechanisms
*of the database* to perform user-based access control.  i'm sure one
exists somewhere, but for most people's purposes, virtually unlimited
and carte-blanche but all-importantly EXCLUSIVE access by the web
server to the sql database, followed by some sort of alternative user
authentication (such as openid and so on) is "the norm".

l.
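As an added illustration of the two approaches contrasted above (not code from this thread or from GNUmed itself), here is a PostgreSQL sketch of the single-credential web-app pattern beside database-enforced per-user roles. Role names, table names and passwords are constructed placeholders, and the row-level-security part assumes PostgreSQL 9.5 or later.

```sql
-- Pattern A: the "typical" web app. One exclusive database role for the
-- service; users, passwords and roles live in ordinary tables that the
-- service itself checks. The database never learns who the real user is.
CREATE ROLE webapp LOGIN PASSWORD 'placeholder-change-me';   -- constructed
CREATE TABLE app_users (
    id       serial PRIMARY KEY,
    username text UNIQUE NOT NULL,
    pw_hash  text NOT NULL          -- verified by the web service, not the DB
);
CREATE TABLE app_roles (
    user_id  int  NOT NULL REFERENCES app_users(id),
    role     text NOT NULL          -- e.g. 'clinician', 'receptionist'
);
CREATE TABLE app_notes (
    id     serial PRIMARY KEY,
    author text NOT NULL,           -- whatever the service says it is
    body   text NOT NULL
);
GRANT ALL ON ALL TABLES IN SCHEMA public TO webapp;
GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO webapp;
-- Risk: whoever holds webapp's credential, or injects SQL through the
-- service, can read or alter every row. Detection has to happen in the
-- service's own logs; the database audit trail only ever shows "webapp".

-- Pattern B: use the database's own access control. Each real user is a
-- database role; the service connects as that user after authenticating.
CREATE ROLE clinician    NOLOGIN;
CREATE ROLE receptionist NOLOGIN;
CREATE ROLE dr_smith LOGIN PASSWORD 'placeholder' IN ROLE clinician;
CREATE ROLE desk_1   LOGIN PASSWORD 'placeholder' IN ROLE receptionist;
CREATE TABLE notes (
    id     serial PRIMARY KEY,
    author name NOT NULL DEFAULT current_user,   -- stamped by the DB
    body   text NOT NULL
);
GRANT SELECT, INSERT ON notes TO clinician;
GRANT USAGE ON SEQUENCE notes_id_seq TO clinician;
-- receptionist is granted nothing on notes, so the DB refuses it outright.

-- Row-level security (PostgreSQL 9.5+): a clinician sees only own notes,
-- even if the service is buggy or compromised while acting as that user.
ALTER TABLE notes ENABLE ROW LEVEL SECURITY;
CREATE POLICY own_notes ON notes FOR ALL TO clinician
    USING (author = current_user)
    WITH CHECK (author = current_user);
-- Connected as dr_smith: SELECT * FROM notes;  -> only dr_smith's rows
-- Connected as desk_1:   SELECT * FROM notes;  -> ERROR: permission denied
```

In pattern B the table owner still bypasses the policy, so the service should not connect as the owner (the gm-dbo equivalent) on behalf of ordinary users.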


