security and multi-user



On 10 Mar 1998, Tom Tromey wrote:

> I think we don't want to enter the multi-user area at all.  The very
> last thing I want to see is a CERT advisory for any part of Gnome.
> (Of course, we don't really have a security story at all for MICO
> (that I know of).  So we're already behind...)

Hrm.  This is unpleasant indeed.

I want to have an addressbook server, preferably a shared CORBA
object, on a remote machine and have every gnome person across
the world be able to connect up to it as if it were the addressbook
on their local machine.  This, initially, was what I thought would
be cool about CORBA - but the more I look and read, the more useless
CORBA seems.

Even if it is local, at the minimum I need to have more than one
user per machine.  Imagine: "Sorry, someone is using an addressbook
already, find a different machine..."

So how do I go about this goal? 

My first thoughts are that if I use unshared objects that I can
use some username/password simple auth and check that auth has
been done to the top of every function.

init_key = client->get_init_key();
crypted_key = client->get_key();
key = uncrypt(crypted_key, init_key);
user = cryptit("user", key);
pass = cryptit("password", key);
client->auth(user, pass);

I don't know if 'cookie' is the right thing to write above, ...

In any case, when the user did something like:

client->search(regex);

the implementation would be something like:

char* AddressBook::search (const char *regex) {
  if (!auth_ok())
    return NULL;  // eek, bail with error

  // username will be set and can be used later on for auth type things...
}

perhaps even some weird cryptit thing in every subroutine like:

//client
regex_crypt = cryptit(regex, key);
client->search(regex_crypt);

//impl
char* AddressBook::search (const char *regex_crypted) {
  if (!auth_ok())
    return NULL;  // eek, bail with error

  regex = uncrypt(regex_crypted, key);
}

I would think that for some shared server there must be some way
to check which client you are talking to - in which case the above
gets more complex but only slightly so for that case.

crypt methods could be somewhat pluggable so they can range from
plaintext to whatever works.

Now, why *don't* I want to waste my time doing this?  (Please,
tell me now before I start...)

--
Shawn T. Amundson               
amundson@gimp.org               http://www.gimp.org/~amundson

"The assumption that the universe looks the same in every
 direction is clearly not true in reality." - Stephen Hawking

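The per-call check the message sketches (an auth_ok() at the top of every method, with the server knowing which user each call belongs to), worked through as an added example. This is not GNOME, MICO or the poster's code, and every name in it (AddressBook, begin_auth, finish_auth, _require) is hypothetical. It swaps the sketched get_init_key/get_key exchange for an HMAC challenge-response over a password-derived key, since a key the server hands out in the clear cannot protect the credentials that follow, and it scopes search results to the authenticated caller so two users on one shared object cannot read each other's entries. Sample users and entries are constructed for the demo.

```python
import hashlib
import hmac
import re
import secrets


class AuthError(Exception):
    """Raised when a call arrives without a valid session or with bad credentials."""


def derive_key(password: str, salt: bytes) -> bytes:
    # Both sides derive the same key; the server stores only salt + derived key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def client_prove(password: str, salt: bytes, nonce: bytes, username: str) -> bytes:
    # Client side of the challenge-response: HMAC over the server's fresh nonce
    # and the claimed username, keyed with the password-derived key.
    return hmac.new(derive_key(password, salt), nonce + username.encode(),
                    hashlib.sha256).digest()


class AddressBook:
    """Hypothetical shared server object: one instance serves every user."""

    def __init__(self):
        self._users = {}     # username -> (salt, derived_key)
        self._pending = {}   # username -> outstanding nonce (single use)
        self._sessions = {}  # opaque token -> username
        self._entries = {}   # username -> [(name, email), ...]

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, derive_key(password, salt))
        self._entries[username] = []

    def begin_auth(self, username):
        if username not in self._users:
            raise AuthError("unknown user")
        salt, _ = self._users[username]
        nonce = secrets.token_bytes(16)
        self._pending[username] = nonce
        return salt, nonce

    def finish_auth(self, username, proof):
        nonce = self._pending.pop(username, None)  # nonce can be used once
        if nonce is None:
            raise AuthError("no challenge outstanding")
        _, key = self._users[username]
        expected = hmac.new(key, nonce + username.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):  # constant-time compare
            raise AuthError("bad credentials")
        token = secrets.token_hex(16)
        self._sessions[token] = username
        return token

    def _require(self, token):
        # The auth_ok() check: every method starts here and learns who is calling.
        user = self._sessions.get(token)
        if user is None:
            raise AuthError("not authenticated")
        return user

    def add(self, token, name, email):
        user = self._require(token)
        self._entries[user].append((name, email))

    def search(self, token, regex):
        user = self._require(token)
        if len(regex) > 64:  # crude guard: a shared server compiles client-supplied patterns
            raise ValueError("pattern too long")
        pat = re.compile(regex)
        # Results are scoped to the caller's own entries, never the whole server.
        return [e for e in self._entries[user] if pat.search(e[0]) or pat.search(e[1])]


def demo():
    book = AddressBook()
    book.register("alice", "correct horse")   # constructed users
    book.register("bob", "battery staple")

    def login(user, password):
        salt, nonce = book.begin_auth(user)
        return book.finish_auth(user, client_prove(password, salt, nonce, user))

    alice, bob = login("alice", "correct horse"), login("bob", "battery staple")
    book.add(alice, "Tom Example", "tom@example.org")
    book.add(bob, "Shawn Example", "shawn@example.org")

    results = {"alice_sees": book.search(alice, "Tom"),
               "bob_sees_tom": book.search(bob, "Tom"),
               "bob_sees": book.search(bob, "example\\.org$")}
    try:
        book.search("not-a-token", ".*")
        results["unauth_rejected"] = False
    except AuthError:
        results["unauth_rejected"] = True
    try:
        salt, nonce = book.begin_auth("alice")
        book.finish_auth("alice", client_prove("wrong", salt, nonce, "alice"))
        results["wrong_pw_rejected"] = False
    except AuthError:
        results["wrong_pw_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

Running the block shows alice's search returning her entry, bob's search for the same name returning nothing, and both an unauthenticated call and a wrong password being refused. In a real ORB the token would travel in each request (as a parameter or in a request context) and the server would time sessions out; neither is shown here.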

