Ticket #129 (closed enhancement: invalid)

Opened 5 years ago

Last modified 4 years ago

Secure db access by channelling query generation through authz module

Reported by: dread Owned by: rgrp
Priority: awaiting triage Milestone: ckan-backlog
Component: ckan Keywords:
Cc: Repository:
Theme:

Description (last modified by dread)

Controllers and templates should not access db objects directly - they should do all access via the authz module, giving the username. They are handed a query that has already been filtered down to the packages that user is authorized to read.

(Additional idea to be discussed: When they request a package object, they are handed a copy of the db object - disconnected from the database - so that the db object can't be changed.)

A couple of tests can be reenabled when this is done: ckan.tests.functional.test_authz.TestUsage.test_admin_list_deleted and ckan.tests.functional.test_authz.TestUsage.test_search_deleted
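The pattern the description asks for, as an added illustration (not CKAN's own code): one authz function builds the package query with the read filter already applied, search reuses that filtered set instead of touching the table, and callers receive frozen copies rather than live db rows. The schema, sample rows and the rule "an admin role shows deleted packages, everyone else sees only active ones" are constructed assumptions for the example.

```python
import sqlite3
from dataclasses import dataclass

# Constructed sample data (hypothetical schema): packages with a state,
# and per-user roles on packages.
SCHEMA = """
CREATE TABLE package (id INTEGER PRIMARY KEY, name TEXT, state TEXT);
CREATE TABLE user_role (username TEXT, package_id INTEGER, role TEXT);
INSERT INTO package VALUES (1, 'census', 'active'),
                           (2, 'old-budget', 'deleted'),
                           (3, 'private-draft', 'active');
INSERT INTO user_role VALUES ('alice', 1, 'reader'), ('alice', 2, 'reader'),
                             ('admin', 1, 'admin'), ('admin', 2, 'admin'),
                             ('admin', 3, 'admin'), ('bob', 3, 'reader');
"""


@dataclass(frozen=True)
class PackageView:
    """Disconnected, read-only copy handed to controllers; mutation raises."""
    id: int
    name: str
    state: str


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def readable_packages(conn, username):
    """Single choke point: the SQL is generated with the authz filter built in.
    Assumed rule: an 'admin' role on a package shows it in any state; any other
    role only shows packages whose state is 'active'."""
    sql = ("SELECT DISTINCT p.id, p.name, p.state FROM package p "
           "JOIN user_role r ON r.package_id = p.id "
           "WHERE r.username = ? AND (r.role = 'admin' OR p.state = 'active') "
           "ORDER BY p.id")
    return [PackageView(*row) for row in conn.execute(sql, (username,))]


def search_packages(conn, username, term):
    """Search narrows the already-filtered set; it never queries package directly,
    so a deleted package cannot leak to a non-admin through the search path."""
    return [p for p in readable_packages(conn, username) if term in p.name]
```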

Change History

comment:1 Changed 5 years ago by dread

  • Description modified

comment:2 Changed 5 years ago by dread

  • Summary changed from "Secure db access by centralising query generation through authz module" to "Secure db access by channelling query generation through authz module"
  • Description modified
  • Milestone changed from v0.10 to v0.11

comment:3 Changed 4 years ago by dread

  • Priority changed from major to awaiting triage

Not needed at the moment (minor security issue since only for read actions).

comment:4 Changed 4 years ago by dread

  • Milestone changed from v0.11 to longterm

comment:5 Changed 4 years ago by dread

  • Status changed from new to closed
  • Resolution set to invalid

Implementing this would make it less likely that new code would be written to be insecure. But it would also make a lot of things harder. Decided not to do it.
