
Re: Template storage mechanism?

Hi Chris,

Yes, but also not much use, IMO. It's about the same thing as storing
images as BLOB fields in a database as opposed to just dropping the images
into a directory as a jpg file and linking to it.

There are some differences though.  In general, if I put something
that the web server needs *write* access on the filesystem, then I
have to assume that it could be compromised, either by a bug in our
software, or by a bug in other software running on the same web
server.  If we put it in the db, then the web server itself only has
permission to access the file based on the credentials of the
currently logged in user.  I suspect that there may be some serious
security gains if we can get to the point where the main application
doesn't need write access to the filesystem at all.

What kind of security/access control does lsmb have now and how granular is it? (Just a pointer to a document will suffice, thanks).

Is it normally set up to use ssl/tls or just basic authentication?

Where are PDF files created using LaTeX? (and associated work files) Normally the latex 'compiler' needs write access in the filesystem.

I don't actually think that all templates need to go in the db, just
the user editable ones.

One way or another, we have to have strong enforcement for HTML
templates and these need to be sufficiently strong to prevent other
web applications in the same server from being able to write to those
files.  The filesystem really isn't designed to do this,

Certainly. Just run a copy of Apache with a different UID/GID than any others on the box and force the ownership/permissions to match.

This would also not be a 'good thing' for performance if there are already
concerns over lsmb performance and the use of mod_perl.

Well, right now, the major performance concerns are in page load.
This can be an issue if you have to worry about the responsiveness of
an application for each line of a 100-line invoice you add.  On the
other hand, waiting an extra half-second for the template isn't the
same sort of workflow bottleneck.

So the performance issues are in the database pulling up the invoice values?

I am more worried about being able to exploit loadable templates in
this way.

I don't understand what is exploitable about a template..(?) Sorry.

I think restricting access in the db and sanitizing the
template before it is saved (and the input before it is rendered) is
likely to be the easiest and most robust way to prevent arbitrary
malicious users from breaking into the application.

Hmm. Not sure about that, but again, I'm not clear about the issues.


But I am open to other suggestions.

Best Wishes,
Chris Travers

Ledger-smb-devel mailing list