27 Jan
2011
27 Jan
'11
9:47 a.m.
Hi Denis,
On 01/27/2011 09:04 AM, Denis Gervalle wrote:
On Thu, Jan 27, 2011 at 00:52, Anca
Luca<lucaa(a)xwiki.com> wrote:
If it's about tricking the admin to save my page with rights, I might as
well do that by calling him or by sending him a mail, or by any method.
I agree that yes, it's "one more way to trick the admin" but I really
don't think this is a security issue specific to this proposal.
I agree with this. I mean I like it as an
approach that fixes an issue
in a relatively harmless way (1 + 2).
Not sure it so harmless in term of security and it should be implemented
with care. If a simple user would be capable of adding a PR requirements on
one of its pages, and he could tricks the admin to fix the PR right issue, he will gains PR access. So, if the people who was not
aware of PR and are
admins, using the admin panel without care could let them breach the
security of their site when they thinking they fix a security issue.
Honestly, for the world peace, I hope people are aware of what the
rights that they have mean. IIUC, you'd be able to save the page with PR
only if you're yourself a programmer, which the admin is not
necessarily. So again, I don't think this is a problem specific to this
solution, I mean if an admin doesn't know what programming is, I might
as well, as a normal user, trick him into giving me that right in the
rights interface.
I mean really, if we start from the idea that an admin would click any
button without thinking what it means, I'll start another thread to
desactivate admin account altogether.
Of course, we'll do our best in the "PR admin panel", to explain
correctly what it means to help people understand the most of what
they're doing. But again this should not be specific to this solution.
By harmless I meant that it doesn't really modify any security
mechanism, or grant any rights or whatever, it's just metadata, it's
just an easier way for a guy with programming rights to verify, in a
glance, what are the pages on his wiki that require programming rights
and handle this issue in an easier way than read the pages from a mail,
go through all of them and resave them manually individually.
Jerome, so that I don't forget: some very interesting information in the
admin panel would be the last author of the script that requires PR as
well as the user which added the requirement to the page (the object).
Thanks,
Anca
We
should be really careful on who would be able to put requirements if we
really want to helps admins IMO.
PR is really PITA, and this is known by any developer that had to send a
mail to another developer or to an administrator of their wiki with the
list of pages that should be saved with programming rights (list which
he has maintained on his desk on a pink post-it for 2 weeks or so,
adding or removing items on it whenever he did a change). Post-its are
so last century.
I might like the idea of signed scripts but I cannot see it through
right now (don't really understand fully what it means), for various
possible reasons. Which makes me think that if I need explanation on it
now, I might need some after it's implemented and I really think we
should make the app dev environment as accessible as possible to
"normal" people.
There are a couple of solutions for the fact that this solution is a
"patch" and not a real solution:
1/ we don't advertise the solution as an API, we advertise it as subject
to change (because we want to build it right) so if people are not
willing to maintain it on upgrades, they should stick to the current
solution which is having no solution
I am +1 on this. If we implement such panel, we should be careful to legacy
code that do not have the PR information. It is in itself an important
information, and for legacy code, a possibility to fix either the PR status
of a page, or the requirement of a page. I think that the panel should be
able to do both !
2/ we implement it as an application (it
doesn't need more than a .xar,
right jerome?) on extensions.xwiki.org and who needs it takes it from
there and uses it in his development environment
This is something I have never been against, but since you need to change
the data you import to contains more information (an XObject with security
requirements), your extension will only works when the object are add to the
distribution packages and the applications and extension you install.
Taking into consideration, the 2 remarks above (being able to fix either
rights or requirements, and being an extension), the tools has for me a very
different presentation. It could be seen has a addition to the existing
tools an admin could use to manage PR. He could see it has a way to mark
page he have accepted for PR and check the page keep it while also checking
no other are gaining it with its knowledge. Seen that way, I should say
Jerome that you had finally a great idea and I would be +1.
WDYT ?
As for objects vs doc metadata, yes, doc metadata would be nice, but
only _needed_ if we need to make a fast query (without a join to
xobjects& props tables), in my view. Which is not the case if I
understand correctly how this metadata will be used. Additionally, it
would make impossible the 2/ implementation above, it would be too "core".
Thanks,
Anca
On 01/19/2011 08:04 PM, Jerome Velociter wrote:
Hi developers,
I've setup and worked on a couple of wiki farms recently, and my feedback
is
that the PR issue has become for me a major
PITA.
It's worst than before, because we've introduced a lot of pages that
requires it : annotations style and script, plus the wiki macros for
activity, tag cloud, space, etc. (OK, it's not really PR, it's edit right
of
the last person who did edit it, but it's the
same issue mostly : you
need
to have it saved by someone with sufficient
rights).
Importing not as back-up (meaning all pages imported from the XAR are
saved
by the user doing the import) is not sufficient
answer, for several
reason :
* User might not have programming rights
* When user has programming rights, it's a BAD practice in terms of
security
(it means every page of the wiki initially has
the PR right OK)
* Wiki creation is also done by template wiki copy, which is not covered
by
this
* This problem is not just an import/creation problem, we need generally
a
way to know which pages require PR, and which are
missing this PR (users
can
be deleted, their rights can change, etc.).
OK, that looks like sufficient complaining :)
Here what I propose, tell me what you think :
1. We define a XWiki class, like XWiki.RequiredRightClass, with a field
that
describe the required right the user saving the
document must have for it
to
behave properly (for example it will be
"edit" for wiki macros with a
"wiki"
scope, and "programming" for pages that
uses privileged APIs, or JSR
scripts, or always use SSX, etc.)
2. We make a simple UI (for example in the administration section of the
admin app) that list all of them, and their current status. Plus a button
to
fix the status if there is something to fix (a
missing PR for example)
and
if the user seeing the page has the required
rights of course.
That's what I propose for now.
In the future, we could imagine that :
3. Programming right can only be granted on a page that requires
it explicitly. This would be a non-backward compatible change.
Let me know what you think.
If we agree I volunteer to implement this in 3.0 M2.
Jerome.
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs