Mailinglist Archive: yast-devel (128 mails)

[yast-devel] Re: Webyast - roles management
  • From: Thomas Biege <thomas@xxxxxxx>
  • Date: Wed, 24 Feb 2010 15:46:46 +0100
  • Message-id: <201002241546.47397.thomas@xxxxxxx>
On Wednesday 24 February 2010 15:29:23 Josef Reidinger wrote:
> [...]
> > From a security point of view it is important to have a complete code
> > coverage of RBAC to avoid bypassing the ACLs by using another interface
> > (RESTful vs. UI vs. ...) or delegate an automatic and user-defined task
> > to the web-application which is then executed with the role of the
> > web-app, not with the role of the web-yast user (something equal to a cron
> > job).
>
> Because RBAC is just an interface and inside it is about distributing
> permissions, it works like now: users have individual permissions. Just
> the administrator manages them with roles and does not directly touch each
> permission. So another interface cannot bypass these permissions.

Then let me reword my statement:
From a security point of view it is important to have a complete code
coverage of permission checks to avoid bypassing the ACLs by using another
interface ...

Bye
Thomas

--
Thomas Biege <thomas@xxxxxxx>, SUSE LINUX, Security Support & Auditing
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
Whoever stops wanting to become better stops being good.
-- Marie von Ebner-Eschenbach
--
To unsubscribe, e-mail: yast-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: yast-devel+help@xxxxxxxxxxxx
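The two failure modes discussed in this message, as an added example in Ruby (WebYaST being a Rails application) that is not WebYaST code: a single permission check inside the service layer that both a REST and a UI front end must pass through, so no interface can skip it, and a scheduled (cron-like) task that either runs with the web application's own role, which is the problem Thomas describes, or carries the requesting user and re-checks that user's permission at execution time. The role names, permission strings, `SystemService` module and `ScheduledJob` class are invented for illustration.

```ruby
require 'set'

class Forbidden < StandardError; end

# Role -> permission mapping (constructed sample data). Only the administrator
# edits roles; users are never handed individual permissions directly.
ROLES = {
  'admin'    => Set['system.reboot', 'users.write', 'users.read'],
  'helpdesk' => Set['users.read'],
  # the identity the web application itself runs under when no user is involved
  'webapp'   => Set['system.reboot', 'users.write', 'users.read'],
}.freeze

User = Struct.new(:name, :role) do
  def permissions
    ROLES.fetch(role, Set.new)
  end

  def can?(perm)
    permissions.include?(perm)
  end
end

WEBAPP = User.new('webyast-service', 'webapp').freeze

# Every privileged operation lives here and performs its own permission check.
# REST and UI front ends only call into this module, so neither can bypass it.
module SystemService
  def self.authorize!(user, perm)
    raise Forbidden, "#{user.name} lacks #{perm}" unless user.can?(perm)
  end

  def self.reboot(user)
    authorize!(user, 'system.reboot')
    "rebooting on behalf of #{user.name}"
  end

  def self.list_users(user)
    authorize!(user, 'users.read')
    %w[root josef]
  end
end

# Two interfaces, one back end: there is no per-controller ACL to forget.
def rest_reboot(user)
  SystemService.reboot(user)
end

def ui_reboot(user)
  SystemService.reboot(user)
end

# A deferred task. The unsafe variant executes as the web application, so a
# user who may merely *schedule* a job ends up running a privileged action.
class ScheduledJob
  attr_reader :scheduled_by, :action

  def initialize(scheduled_by, action)
    @scheduled_by = scheduled_by
    @action = action
  end

  # The problem the mail warns about: the job runs with the web app's role.
  def run_as_webapp
    SystemService.public_send(action, WEBAPP)
  end

  # The fix: keep the requesting user and re-check permissions at run time.
  def run_as_scheduler
    SystemService.public_send(action, scheduled_by)
  end
end

# Helper that turns a denied call into a string so outcomes can be compared.
def outcome
  yield
rescue Forbidden => e
  "forbidden: #{e.message}"
end
```

With a helpdesk user who lacks `system.reboot`, both front ends are refused, the job run as the web application succeeds (the bypass), and the same job run with the scheduling user's identity is refused.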
