[Twisted-Python] enterprise.dbcred.DatabaseAuthorizer

I'm going to be hacking on DatabaseAuthorizer soon(er or later).

* Is anybody using it? The current code is pretty crufty, so I'll probably just replace it once the hacking is done, unless it's actually being used.

* Does anyone have a wishlist for it? Right now I'm thinking of parameterizing what goes into the twisted_perspectives schema, so we can easily add perspective-class-specific state.

--
Twisted | Christopher Armstrong: International Man of Twistery
Radix | Release Manager, Twisted Project
---------+ http://twistedmatrix.com/users/radix.twistd/

On Fri, 2003-04-25 at 03:21, Christopher Armstrong wrote:
no. i wrote my own authorizer because DatabaseAuthorizer was not up to the task.
> * Does anyone have a wishlist for it?
put service and perspective names in database and allow for the client to request for service/perspective in his keyring (derived from db). that would be nice (and is what my authorizer does, btw.)

ciao,
--
Federico Di Gregorio
Debian GNU/Linux Developer fog@debian.org
INIT.D Developer fog@initd.org
Having paid our respects to the dead (Taligent), nearly dead (Objective-C) and legendary (Symbolics), let's start digging into the features that make Python a great language for mix-in programming. -- Chuck Esterbrook

On Fri, 2003-04-25 at 19:26, Stephen Waterbury wrote:
all my code (and i mean *all*, even the one i write for customers) is available from cvs.initd.org under GPL. you may be interested in the following files:

http://cvs.initd.org/cgi-bin/viewcvs.cgi/wilma-prototype-2/server/wilmad
http://cvs.initd.org/cgi-bin/viewcvs.cgi/wilma-prototype-2/wilma/server/auth...
http://cvs.initd.org/cgi-bin/viewcvs.cgi/wilma-prototype-2/wilma/server/serv...

they implement a db authorizer with just one service ("wilma") and some perspectives, taken from the keyring (for example the "admin" perspective is available only to people that have the "admin" role in DB). i planned a better version (the code in wilma is very specific for that project) but i have almost no time nowadays.. too much work. also, for wilma we are moving to a much more fine-grained authorization policy that does not involve perspectives, but that's completely OT here.

one more: wabba is a generic "transaction manager" that takes a completely different approach to database access than other object-relational mappers (i talked about it with itamar on irc some week ago). it is still very alpha and we are reworking it a lot but there will be an "official" release around june. it integrates well with twisted.

hope this helps,
federico
--
Federico Di Gregorio
Debian GNU/Linux Developer fog@debian.org
INIT.D Developer fog@initd.org
99.99999999999999999999% still isn't 100% but sometimes suffices. -- Me

On Thursday 24 April 2003 06:21 pm, Christopher Armstrong wrote:
Yes and yes. Don't hardcode table and fieldnames. Maybe you want to produce more detailed errors why the auth failed. I.e. when you have several services and a user isn't subscribed to one of them you'll get an "unknown user" error; I think you should get a different error saying something about "service subscription" if the user is subscribed to other services on the same server.

UC
--
Open Source Solutions 4U, LLC
2570 Fleetwood Drive
San Bruno, CA 94066
United States
Phone: +1 650 872 2425
Cell: +1 650 302 2405
Fax: +1 650 872 2417

This is an arguable point.. Consider, from a security standpoint, that an attacker is trying to brute-force your server. A 'service subscription' error says 'you have correctly guessed a username, but are attempting to access the wrong service'. Having a valid username is much closer to a username/password pair than not having a valid username.. ;p Perhaps it should be configurable to behave both ways.

-Justin

On 26 Apr 2003 at 11:23, Justin Ryan wrote:
What Conch does for this is take whatever error the authentication raises, whether it be invalid user, invalid password, etc., and turn it into a generic 'not authenticated' message. If you want to keep attackers from knowing which names are actual users, you probably just want to do that, rather than having a flag in the Authorizer.

-p
--
Paul Swartz
(o_ http://twistedmatrix.com/users/z3p.twistd/
//\ z3p@twistedmatrix.com
V_/_ AIM: Z3Penguin
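The three replies above (Uwe's request for configurable table and field names, Justin's observation that a distinct "service subscription" error confirms a valid username, and Paul's description of how Conch collapses every authentication failure into one generic message) can be shown together in a small sqlite-backed authorizer. This is an added example, not code from Twisted, Conch or any of the posters; the table and column defaults (`twisted_identities`, `twisted_perspectives`, `identity_name`, `password`, `service_name`) and the `verbose_errors` switch are assumptions chosen for illustration, and the sample rows are constructed. The detailed failure reason is kept server-side in an audit list for the operator, while the client only ever sees "not authenticated"; a constant-cost dummy password check on the unknown-user path keeps response timing from leaking the same distinction:

```python
import hashlib
import hmac
import re
import secrets
import sqlite3

# Table/column names come from configuration (Uwe's point), so they cannot be
# bound as SQL parameters. They are therefore restricted to plain identifiers
# and quoted; every user-supplied value still travels as a bound parameter.
_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def _ident(name):
    if not _IDENT.match(name):
        raise ValueError("invalid SQL identifier: %r" % (name,))
    return '"%s"' % name


# Internal failure reasons: useful for audit logs, never shown to the client.
class UnknownUser(Exception): pass
class BadPassword(Exception): pass
class NotSubscribed(Exception): pass


class Unauthorized(Exception):
    """The single error type that crosses the wire."""


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256, stored as 'salt$hexdigest'."""
    salt = salt or secrets.token_hex(8)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 100_000)
    return salt + "$" + digest.hex()


def check_password(password, stored):
    salt, digest = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 100_000)
    return hmac.compare_digest(candidate.hex(), digest)


# Hashed once at import; checked against on the unknown-user path so that an
# unknown name costs the same as a known name with a wrong password.
_DUMMY_HASH = hash_password("")


class DBAuthorizer:
    def __init__(self, conn, users_table="twisted_identities",
                 perspectives_table="twisted_perspectives",
                 user_col="identity_name", password_col="password",
                 service_col="service_name", verbose_errors=False):
        self.conn = conn
        self.t_users = _ident(users_table)
        self.t_persp = _ident(perspectives_table)
        self.c_user = _ident(user_col)
        self.c_pass = _ident(password_col)
        self.c_service = _ident(service_col)
        self.verbose_errors = verbose_errors  # assumption: off by default
        self.audit = []  # (reason, username, service) tuples for the operator

    def _authenticate(self, username, password, service):
        row = self.conn.execute(
            "SELECT %s FROM %s WHERE %s = ?" % (self.c_pass, self.t_users, self.c_user),
            (username,)).fetchone()
        if row is None:
            check_password(password, _DUMMY_HASH)  # equalise timing, result ignored
            raise UnknownUser(username)
        if not check_password(password, row[0]):
            raise BadPassword(username)
        sub = self.conn.execute(
            "SELECT 1 FROM %s WHERE %s = ? AND %s = ?"
            % (self.t_persp, self.c_user, self.c_service),
            (username, service)).fetchone()
        if sub is None:
            raise NotSubscribed((username, service))
        return True

    def authenticate(self, username, password, service):
        """Client-facing entry point: one generic error for every failure."""
        try:
            return self._authenticate(username, password, service)
        except (UnknownUser, BadPassword, NotSubscribed) as e:
            self.audit.append((type(e).__name__, username, service))
            if self.verbose_errors:  # the behaviour Justin warns about
                raise Unauthorized(type(e).__name__)
            raise Unauthorized("not authenticated")  # what Conch does


def build_demo_db():
    """Constructed sample data: one identity subscribed to one service."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE twisted_identities (identity_name TEXT PRIMARY KEY, password TEXT);
        CREATE TABLE twisted_perspectives (identity_name TEXT, service_name TEXT, perspective_name TEXT);
    """)
    conn.execute("INSERT INTO twisted_identities VALUES (?, ?)",
                 ("alice", hash_password("correct horse")))
    conn.execute("INSERT INTO twisted_perspectives VALUES (?, ?, ?)",
                 ("alice", "wilma", "admin"))
    return conn


def client_visible_error(authorizer, username, password, service):
    """Return the message a client would see, or None on success."""
    try:
        authorizer.authenticate(username, password, service)
        return None
    except Unauthorized as e:
        return str(e)
```

With the default settings an unknown name, a wrong password and a missing service subscription all produce the same "not authenticated" string, while `authorizer.audit` records which of the three actually happened; flipping `verbose_errors=True` reproduces the username-confirming behaviour discussed in the thread, which is why it is not the default.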

On Thu, 24 Apr 2003 21:21:36 -0400 Christopher Armstrong <radix@twistedmatrix.com> wrote:
> I'm going to be hacking on DatabaseAuthorizer soon(er or later).
Glyph and I just came up with a new shiny non-broken design for cred, so you may want to talk to us first.

--
Itamar Shtull-Trauring http://itamarst.org/
http://www.zoteca.com -- Python & Twisted consulting
