On Wednesday 24 February 2010 15:29:23 Josef Reidinger wrote: [...]
From a security point of view it is important to have a complete code coverage of RBAC to avoid bypassing the ACLs by using another interface (RESTful vs. UI vs. ...) or delegate an automatic and user-defined task to the web-application which is then executed with the role of the web-app not with the role of the web-yast user (something equal to a cron job).
Because RBAC is just an interface and internally it is about distributing permissions, it works like now: users have individual permissions. Only the administrator manages them with roles and does not directly touch each permission. So another interface cannot bypass these permissions.
Then let me reword my statement: From a security point of view it is important to have a complete code coverage of permission checks to avoid bypassing the ACLs by using another interface ...

Bye
Thomas

--
Thomas Biege <thomas@suse.de>, SUSE LINUX, Security Support & Auditing
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
Whoever stops wanting to become better stops being good. -- Marie von Ebner-Eschenbach
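The two points in the exchange above (roles are only an administrative layer over per-user permissions, and every interface must still hit the permission check) can be shown in a few lines of Ruby. The following is an added example written for this page, not WebYaST code; the role names, permission names such as "services.restart", and the user/role tables are constructed assumptions. It adds one thing beyond the discussion: a runtime guard that treats an entry point which returns without ever calling the check as a bug, which is one way to make "complete coverage of permission checks" something the application enforces rather than something a reviewer has to spot. The delegated-task part shows the cron-like case Thomas mentions: the owner is recorded when the task is queued and re-authorized when it runs, so the task never executes with the web application's own authority.

```ruby
# Added example (not WebYaST code): roles flatten to per-user permissions,
# every entry point (UI, REST, delegated task) funnels through one check,
# and a runtime guard flags an entry point that skipped it.

class PermissionDenied < StandardError; end
class MissingCheck     < StandardError; end

# Hypothetical role and permission names (assumption, not WebYaST's).
ROLES = {
  "viewer"   => %w[services.read],
  "operator" => %w[services.read services.restart],
}.freeze

USER_ROLES = {
  "alice" => %w[viewer],
  "bob"   => %w[operator],
}.freeze

# Roles are an administration convenience; what is actually checked is
# the flattened per-user permission set.
def effective_permissions(user)
  USER_ROLES.fetch(user, []).flat_map { |r| ROLES.fetch(r, []) }.uniq
end

# The single enforcement point every interface must call.
def authorize!(user, permission)
  Thread.current[:permission_checked] = true
  return true if effective_permissions(user).include?(permission)
  raise PermissionDenied, "#{user} lacks #{permission}"
end

# Runtime coverage guard: an entry point that returns without ever having
# called authorize! is an error, not an allowed call.
def guarded
  Thread.current[:permission_checked] = false
  result = yield
  unless Thread.current[:permission_checked]
    raise MissingCheck, "entry point performed no permission check"
  end
  result
end

def restart_service(name)
  "restarted #{name}"        # stands in for the real backend action
end

# UI and REST entry points: different transport, same check.
def ui_restart(user, name)
  guarded do
    authorize!(user, "services.restart")
    restart_service(name)
  end
end

def rest_restart(user, name)
  guarded do
    authorize!(user, "services.restart")
    restart_service(name)
  end
end

# The bug the thread warns about: a second interface that forgot the check.
def unchecked_restart(user, name)
  guarded { restart_service(name) }
end

# Delegated (cron-like) task: record the owner when it is queued and
# re-authorize as that owner when it runs, never as the web application.
ScheduledTask = Struct.new(:owner, :permission, :action)

def enqueue_restart(user, name)
  ScheduledTask.new(user, "services.restart", -> { restart_service(name) })
end

def run_task(task)
  guarded do
    authorize!(task.owner, task.permission)
    task.action.call
  end
end

# Convenience for exercising the paths: the outcome as a string.
def attempt
  yield
rescue PermissionDenied, MissingCheck => e
  "#{e.class.name}: #{e.message}"
end

if __FILE__ == $PROGRAM_NAME
  puts attempt { rest_restart("bob", "sshd") }
  puts attempt { ui_restart("alice", "sshd") }
  puts attempt { unchecked_restart("alice", "sshd") }
  puts attempt { run_task(enqueue_restart("alice", "sshd")) }
end
```

The guard is deliberately coarse: it only knows that some authorize! call happened during the request, not that the right permission was checked, so it catches the forgotten-check class of bug and nothing more. The per-permission correctness still has to come from tests that drive each interface as a low-privilege user, as the "alice" calls above do.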