Date: Tue, 3 Feb 1998 10:45:46 -0600 From: Richard Wackerbarth <rkw@dataplex.net> To: careilly@monoid.cs.tcd.ie, config@FreeBSD.ORG Cc: Adrian Chadd <adrian@obiwan.creative.net.au> Subject: Re: WebAdmin Message-ID: <l03130303b0fcf3415e42@[208.2.87.4]> In-Reply-To: <199802031542.PAA16355@monoid.cs.tcd.ie> References: Message from Adrian Chadd dated today at 22:57.
next in thread | previous in thread | raw e-mail | index | archive | help
At 9:42 AM -0600 2/3/98, Colman Reilly wrote: > the databases useable and stable. >Sure. Now remember we have to assume that people will be attempting to >exploit the admin system as a security hole. We can't trust any state coming >from a HTTP connection. >Look at Mike Smiths juliet stuff. Look at my thoughts on Portia/security >stuff. My only objection to his design is that it is a little too specific. I think that ALL the "back end" modules should appear monolithic and recursively defined. For example, although the password file is organized as a list of records each having fixed entries, it can be modeled as a two level tree. The top level entries are tagged by the <user> name. Within each of those nodes there are entries tagged by <uid>, <gid>, <Full User Name>, <shell>, etc. I would do something like [TELL <some machine> SET user_base.<user>.shell = "/bin/sh"] which would get translated to [TELL <some machine>.user_base.<user> SET shell = "/bin/sh"] and [TELL <some machine>.user_base INSERT joe AT_END] would work. But [TELL <some machine>.user_base.joe INSERT expires] [TELL <some machine>.user_base.joe SET expires [end_of_this_month]] would fail because I cannot insert tags in user records. >Look at the mail archives on this topic. Which archives? I cannot find one for "config". >I'd really like to see people cooperating on this with a well thought out >structure rather than see three sets of people head out into space. Me, too. But doesn't that break the "FreeBSD model" of "implement before you discuss the design?" :-) Richard Wackerbarth
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?l03130303b0fcf3415e42>