manifoldcf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alessandro Benedetti <benedetti.ale...@gmail.com>
Subject Re: [Google Drive - Dropbox] Permission indexing
Date Fri, 20 Feb 2015 22:30:07 GMT
Ok Karl,
I will keep you updated on this and as soon as I can dedicate some time, I
am going to open the tickets and discuss this with you !

Cheers

2015-02-20 18:40 GMT+00:00 Karl Wright <daddywri@gmail.com>:

> Hi Alessandro,
>
> The current connectors were contributions.  No integration with the
> underlying security model was attempted by the contributors, near as I can
> tell.  Forced security tokens (which are per-job) are present in most of
> our connectors, even when there's a real security model available for
> document security.  That's traditional, because we've found that setting up
> security in a demonstration situation often can be challenging.
>
> If you would like to provide authority connectors and authorization-based
> patches for DropBox and Google Drive, please create the appropriate
> tickets.  It would also be good to discuss your precise approach in the
> context of those tickets.  I'm specifically interested in how the
> authorities would work: how you would go from a user name to a list of user
> email accounts (if that's what your access token is going to be).
>
> Karl
>
>
>
> On Fri, Feb 20, 2015 at 12:25 PM, Alessandro Benedetti <
> abenedetti@apache.org> wrote:
>
> > Hi guys!
> > Testing Google Drive and Dropbox connector I verified that the Indexing
> of
> > the permission is quite simple.
> > To refresh that part we can add one or more tokens to a specific job and
> > then all the documents belonging to that job will have that token indexed
> > in the allow_document_token .
> >
> > In a real scenario this is quite un-realistic.
> > The simplest way could be to index in the allow_document_token the list
> of
> > accounts that the document is shared with.
> > Of course storing the uncrypted plain version of the account mail can be
> > dangerous ( as simply someone could impersonate other people directly
> > accessing solr) .
> >
> > So an authority connector is necessary as well .
> >
> > Any though about this ? Was it in plan ? Any reason behind the current
> > simple approach ?
> > The same is valid for the dropbox connector and the web crawler one (
> > permissions per area of a web site is possible through a workaround but
> not
> > using only one single job).
> >
> > Cheers
> >
>



-- 
--------------------------

Benedetti Alessandro
Visiting card : http://about.me/alessandro_benedetti

"Tyger, tyger burning bright
In the forests of the night,
What immortal hand or eye
Could frame thy fearful symmetry?"

William Blake - Songs of Experience -1794 England

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message