
Re: Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)



On 10/3/07, Joshua D. Drake <..hidden..> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Chris Travers wrote:
> > On 10/2/07, David Tangye <..hidden..> wrote:
> >> On 10/3/07, Ashley J Gittins <..hidden..> wrote:
> >>> As I understand it (and I am pretty likely to get this wrong so feel
> >>> free to
> >>> point that out) the only reason we have to send the user/pass on every
> >>> http
> >>> request is because of the change to using postgresql to authenticate
> >>> every
> >>> request (ie, server-side, LSMB logs into psql as the actual user),
> >>> therefore
> >>> requiring the password to do so.
> >>
> >> Let me try to answer this: see if I am right. (Chris?)
> >> I am guessing that the user/password and any other session data is sent on
> >> every http request to code in a RESTful way, ie with AJAX. This way a
> >> session's state is kept within the session, ie passed back and forward with
> >> the data. The alternative is to either hold session state info on the
> >> server, in the hope that the session will be needed by future client
> >> requests, and then have to code stuff to manage this data, eg when to get
> >> rid of it, or else pass server-side info as cookies and code client side
> >> stuff to manage this data when it's not needed.
>
> >
> > That is the thing, though. We are not using a single db user account. Every
> > user is represented by a DB user account.
>
> We are making this far more complicated than it needs to be. Let's just
> make it so ssl is part of the ledgersmb requirements and include the
> docs to handle that. We can even include a simple wizard that will
> create the postgresql ssl stuff.
>
> Further, we should make it part of the requirements that a user use
> https to talk to lsmb as well.
>
> If the user then decides not to run ssl, it is their problem.

I second this. It really reduces the surface area for attack.

Chris
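
The "simple wizard that will create the postgresql ssl stuff" proposed above, sketched as an added example (this is not LedgerSMB code and not part of the original thread). It generates a self-signed server certificate and key for PostgreSQL and writes three config fragments: one that turns ssl on, one for pg_hba.conf that rejects cleartext TCP connections to the LedgerSMB database instead of letting them fall through to a later "host" line, and one for Apache that refuses the LedgerSMB scripts over plain http, so the per-request Basic-auth credentials only ever travel inside TLS. The database name "ledgersmb", the paths, the network ranges and the dependency on an installed openssl binary are assumptions for illustration.

```shell
#!/bin/sh
# Hypothetical SSL "wizard" for a LedgerSMB-style deployment (added example,
# not LedgerSMB's own code). Assumes openssl is installed; database name,
# paths and address ranges are illustrative and should be adjusted.

make_pg_ssl_bundle() {
    dir="$1"                 # output directory (e.g. the PostgreSQL data dir)
    host="${2:-localhost}"   # CN for the self-signed certificate
    mkdir -p "$dir"

    # Self-signed cert: enough for transport encryption between the web
    # server and PostgreSQL. Client-side verify-full needs a CA-signed cert.
    openssl req -new -x509 -nodes -days 365 -subj "/CN=$host" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    # PostgreSQL refuses to start if the key is group- or world-readable.
    chmod 0600 "$dir/server.key"

    cat > "$dir/postgresql.conf.fragment" <<EOF
# append to postgresql.conf
ssl = on
EOF

    cat > "$dir/pg_hba.conf.fragment" <<EOF
# prepend to pg_hba.conf (first matching line wins): every LedgerSMB role
# connecting to the ledgersmb database must arrive over SSL with a password.
# Cleartext TCP connections are rejected outright rather than falling
# through to a later "host" line that might still allow them.
hostnossl ledgersmb all 0.0.0.0/0    reject
hostssl   ledgersmb all 127.0.0.1/32 md5
EOF

    cat > "$dir/httpd.conf.fragment" <<EOF
# Apache mod_ssl: refuse the LedgerSMB scripts over plain http so the
# Basic-auth user/password sent on every request is only ever inside TLS.
<Directory /usr/local/ledgersmb>
    SSLRequireSSL
</Directory>
EOF
}

# Sanity check of a generated bundle: succeeds only if a non-empty key and
# cert exist and both the reject rule and "ssl = on" made it into the fragments.
check_pg_ssl_bundle() {
    dir="$1"
    [ -s "$dir/server.key" ] && [ -s "$dir/server.crt" ] &&
    grep -q '^hostnossl .* reject' "$dir/pg_hba.conf.fragment" &&
    grep -q '^ssl = on' "$dir/postgresql.conf.fragment"
}
```

Two caveats a practitioner would add: the server-side `hostnossl ... reject` line is what actually enforces the requirement, since libpq's default `sslmode=prefer` will silently fall back to cleartext against a server that still accepts it; and the web tier should set `PGSSLMODE=require` (or `verify-full` with a CA-signed certificate) in the environment of the LedgerSMB scripts so a misconfigured pg_hba.conf does not quietly reopen the cleartext path.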