Date: Tue, 3 Feb 1998 16:49:55 -0600 From: Richard Wackerbarth <rkw@dataplex.net> To: Colman Reilly <careilly@monoid.cs.tcd.ie> Cc: config@FreeBSD.ORG Subject: Re: WebAdmin Message-ID: <l03130300b0fd4b4d12b1@[208.2.87.4]> In-Reply-To: <199802032220.WAA16835@monoid.cs.tcd.ie> References: Message from Richard Wackerbarth dated today at 10:45.
next in thread | previous in thread | raw e-mail | index | archive | help
At 4:20 PM -0600 2/3/98, Colman Reilly wrote: > At 9:42 AM -0600 2/3/98, Colman Reilly wrote: > > the databases useable and stable. > >Sure. Now remember we have to assume that people will be attempting to > >exploit the admin system as a security hole. We can't trust any >state com > ing > >from a HTTP connection. > > >Look at Mike Smiths juliet stuff. Look at my thoughts on Portia/security > >stuff. > > My only objection to his design is that it is a little too specific. > I think that ALL the "back end" modules should appear monolithic and > recursively defined. For example, although the password file is organized > as a list of records each having fixed entries, it can be modeled as > a two level tree. The top level entries are tagged by the <user> name. > Within each of those nodes there are entries tagged by <uid>, <gid>, > <Full User Name>, <shell>, etc. >That's an objection to his implementation, not his design. It depends on >the maturity of the sub-system really. For password I agree, but for some >faster moving targets the more "black-box" approach might be better. In an >ideal world you're right. However, I think that failure to use the monolithic structural model creates a big problem in that all the intermediate nodes now have to be able to handle information which is case dependent. If we restrict ALL the storage to the same model, then we can greatly leverage things. For example, I COULD store all of the configuration parameters in some DBMS which knows absolutely nothing about the real data structures. With the same primitives, I can FETCH, STORE, LIST, etc. these items. I could even handle things like the introduction of some new data type by encapsulating that data type in a string and sending it along. Only the "real" target needs to know how to format it for external consumption. This data storage model is simply a structured method of addressing data values. I believe that all the structures which we will encounter can be mapped onto it. And, at least for most of them, the mapping is trivial. > But doesn't that break the "FreeBSD model" of "implement before you > discuss the design?" :-) >Oh. I'm sorry. I'm doing research in formal methods and mathematical modeling >of software. I get carried away with this design business occasionally. I happen to belong to the "design top down" school. I've seen too many cases where someone jumps in and implements something without a global design and then cannot change it because it is "legacy". Richard Wackerbarth
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?l03130300b0fd4b4d12b1>