Roundup Tracker - Issues

Message4449

Author rouilj
Recipients rouilj
Date 2011-10-18.16:55:58
Message-id <1318956959.13.0.740314028603.issue2550731@psf.upfronthosting.co.za>
In-reply-to
In message <20111017081202.GB22486@runtux.com>,
Ralf Schlatterbeck writes:

>On Sat, Oct 15, 2011 at 06:49:41PM -0400, John P. Rouillard wrote:
>> Hi all:
>> 
>> With the work going on with pgp signing of email messages, I thought
>> this may be a good time to bring up the idea of attaching an origin to
>> transactions that change the database.
>
>Nice. Can you put this idea into the issue tracker at
>http://issues.roundup-tracker.org/
>(as an "rfe" which translates to "request for enhancement" I think :-)
>
>I've had some use cases where it would be nice to find out the origin
>of a request from a detector... You're adding some interesting use cases.

The original use case was for secure tickets where only certain people
are allowed to view them. For my tutorial example, I am using the nosy
list as the access control list. If I allow email updates to tickets,
it is trivial to forge a from address and change the nosy list
(Subject: ... [nosy=+badguy]). So I have to add a caveat that you have
to disable email changes (or filter the emails in some way before they
hit roundup) in order for the security to be less soft.

Here is the original message as well.

============
Hi all:

With the work going on with pgp signing of email messages, I thought
this may be a good time to bring up the idea of attaching an origin to
transactions that change the database.

E.G. while you may want to allow new messages to be added to an issue
via email, changing the assignedto person may be done only via the web
or openpgp signed emails.

I am specifically thinking of supplying the info to auditors so they
can make useful decisions on allowing/denying a database change, but
it may be useful for reactors as well.

Maybe adding a db.requestmode() similar to db.getuid(), or maybe a
generalized version of the request object available to the web
interface could be created. Then it could be set by the front end to:

   web
   xmlrpc
   email
   openpgp-email (for a validated signed email)
   cli
   program-<prog name>

via some function call and it would default to none if the program
didn't set its identifier. Then in the auditor/reactor you could use

   # db.requestmode() is the accessor proposed above; unset origins return none
   if db.requestmode() not in ['web', 'xmlrpc', 'openpgp-email', 'cli']:
        raise Reject("Change did not arrive via authenticated channel")
====================

-- rouilj
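
Added example, not part of the original message or of Roundup's own code: a sketch of the origin-aware auditor proposed above, applied only to the properties the message treats as access control (nosy, assignedto) so that plain email can still add messages. db.requestmode() is the proposed accessor and does not exist in Roundup; Reject, FakeDB, PROTECTED and allowed() are stand-ins assumed here so the sketch runs on its own.

```python
# Stand-ins so the sketch runs without Roundup installed (assumptions):
# real auditors import Reject from roundup.exceptions, and
# db.requestmode() is only the accessor proposed in the message above.
class Reject(Exception):
    pass

class FakeDB:
    def __init__(self, mode=None):
        self._mode = mode          # front end would set this; None if unset
    def requestmode(self):
        return self._mode

AUTHENTICATED = {'web', 'xmlrpc', 'openpgp-email', 'cli'}
# Properties that act as access control and must not change via plain email.
PROTECTED = {'nosy', 'assignedto'}

def origin_auditor(db, cl, nodeid, newvalues):
    """Auditor signature as used by Roundup: (db, cl, nodeid, newvalues)."""
    touched = PROTECTED & set(newvalues)
    if not touched:
        return                     # e.g. a new message via email is still allowed
    mode = db.requestmode()
    if mode not in AUTHENTICATED:  # fails closed when mode is None or unknown
        raise Reject("Change to %s did not arrive via authenticated channel "
                     "(origin: %s)" % (', '.join(sorted(touched)), mode))

def allowed(mode, newvalues):
    """Helper for the demo: True if the auditor lets the change through."""
    try:
        origin_auditor(FakeDB(mode), None, '1', newvalues)
        return True
    except Reject:
        return False

if __name__ == '__main__':
    # Constructed sample changes, not taken from a real tracker.
    print(allowed('email', {'messages': ['msg12']}))        # plain reply
    print(allowed('email', {'nosy': ['alice', 'badguy']}))  # forged From:
    print(allowed('openpgp-email', {'nosy': ['alice', 'bob']}))
    print(allowed(None, {'assignedto': '3'}))
```
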
History
Date                 User    Action  Args
2011-10-18 16:55:59  rouilj  set     recipients: + rouilj
2011-10-18 16:55:59  rouilj  set     messageid: <1318956959.13.0.740314028603.issue2550731@psf.upfronthosting.co.za>
2011-10-18 16:55:59  rouilj  link    issue2550731 messages
2011-10-18 16:55:58  rouilj  create