[db-wg] call for application authorisation ideas
Daniel Stolpe
stolpe at resilans.se
Fri Aug 21 13:54:05 CEST 2015
On Fri, 21 Aug 2015, denis wrote:

> Hi job
>
> On 21/08/2015 02:32, Job Snijders wrote:
>> On Fri, Aug 21, 2015 at 01:58:46AM +0200, denis wrote:
>> > When it was suggested to hide the password hash I thought that was a
>> > mistake. We should have hidden the whole MNTNER object from public
>> > view. Why does anyone outside of my organisation need to see anything
>> > in my MNTNER object? Why should you know if I use a password or PGP or
>> > whatever? This is my business not yours.
>>
>> This seems to play into another thread, where someone had trouble
>> retrieving the proper value of some "auth:" lines. It would be worth
>> exploring how we can hide all "auth:" lines yet make them easily
>> accessible to the owner.
>
> Bear in mind that I have spent years thinking about some of these issues from
> many angles :) Sometimes a simple, quick fix is considered to be the
> appropriate course of action. I guess that is why we hid the password hashes.
> But in the end that proved to be not simple. Sometimes it is worth taking a
> step back and looking at a wider picture.
>
> If you hide anything there has to be some method for the right people to see
> what is hidden. Once you start trying to hide significant parts of an object
> it may be easier to hide the whole object. And there can be additional
> benefits in that. Notifications are part of the security system within the
> database. Just as with the security tokens, there is no justifiable reason
> why the public should have any knowledge of who gets notified within my
> organisation when data is changed or some attempt is made.
>
> If the whole MNTNER object is hidden it can be shown to authenticated users
> by an update with a pseudo attribute. Just as with a "dryrun:", if we have
> another pseudo attribute "show:" then instead of doing an update the full,
> current object is returned if the authorisation is valid. This will work with
> any of the authorisation tokens in the object.

Something like that, yes.

I agree that it might not be necessary for the whole world to know the exact persons listed in a maintainer object, as long as it is not hidden for those authorized.

Cheers,

Daniel

_________________________________________________________________________________
Daniel Stolpe        Tel: 08 - 688 11 81       stolpe at resilans.se
Resilans AB          Fax: 08 - 55 00 21 63     http://www.resilans.se/
Box 45 094                                     556741-1193
104 30 Stockholm