geode-dev mailing list archives

From Jacob Barrett <jbarr...@pivotal.io>
Subject Re: [PROPOSAL]: Improve OQL Method Invocation Security
Date Fri, 28 Jun 2019 21:28:56 GMT
Juan,

You asked people to comment in both the wiki and the emails but you didn’t include comments
from the wiki below.


I have two issues, the first I raised in the wiki is what about caching the authentication
lookups:
> Can we safely assume that some caching of authorization requests will be performed? What
> will the scope and lifetime of this caching be? Are the authentication rules and modules assumed
> to be immutable at runtime? All of this will have significant implications on performance.

The second issue is how does this differ, augment or compete with Java’s built-in Security
Manager / Policy system. It was designed for a lot of these same reasons, restricting application
access to specific OS level operations that can be dangerous if executed by malicious code.
Why is such a system not sufficient to handle our concerns in OQL? Beyond creating sockets,
files, threads, forks, etc. what are we intending to prevent the OQL user executing?

Thanks,
Jake


> On Jun 28, 2019, at 10:36 AM, Juan José Ramos <jramos@pivotal.io> wrote:
> 
> Hello all,
> 
> Below are some answers/comments to the questions and feedback gathered
> during the last round, along with some final ideas at the end of the email.
> 

