jackrabbit-oak-dev mailing list archives

From Lukas Eder <lukas.e...@gmail.com>
Subject Re: "Secure realm" of internal APIs to prevent costly access control lookups
Date Mon, 25 Mar 2013 15:36:43 GMT
Hi Jukka,

2013/3/25 Jukka Zitting <jukka.zitting@gmail.com>:
> Hi Lukas,
> On Mon, Mar 25, 2013 at 5:09 PM, Lukas Eder <lukas.eder@gmail.com> wrote:
>> Are there any such plans in OAK?
> Yes, but not exactly as you outline.
> Instead of having a special "secure realm" or other special modes that
> allows things like JCR API calls without access restrictions, we've
> built Oak using a set of layers with different responsibilities
> and limitations. The lowest ones of these levels, the NodeState model
> [1] and the underlying MicroKernel, offer an unrestricted view on the
> content stored in the repository. Access controls are currently built
> into the next level that consists of the TreeImpl class and other
> components that make up the Oak API [2].
> Just recently we've been discussing whether access control
> checks should be pushed even further down the stack into the NodeState
> level. See [3] for the relevant (and ongoing) thread.

The immediate feeling I have with this approach is the fact that
low-level API access and access-control bypassing are two orthogonal
things. The purpose of high-level APIs is not restricted to adding
access-control. There are a lot of other useful features added, by
abstracting what you called NodeState / MicroKernel.

Let me put it bluntly. On a Unix system, sudo is so much more useful
than going to the hard drive with a magnet and applying some Tesla
magic, to bypass access control :-)

> It would be great if you could take a look at those layers and the
> recent discussion to see whether they address the issues you've
> encountered with Jackrabbit's access control model.

Yes, thank you for those links. I will read through them and probably
join the other discussion, rather than spawning a new one here.

