I am investigating RBAC permissions in Apache Airflow which has led me to read Security > RPAC UI Security. It talks about various permissions that are granted in the various roles however I am interested in defining more granular custom roles. In order to do that it would be useful to see a definitive list of all permissions that can be granted and get a description of each of them. Some of them are obvious (e.g. can_add, can_edit, can_delete) but others less so (e.g. can_task, can_code)
Does anyone know if a definitive list of permissions, with descriptions, exists?
If you're looking for the definitive source, the airflow/www/security.py file seems to be the place. As for descriptions and such you might have to wait for someone to come along and type up their usages but most seem pretty self-explanatory.
Related
I have a CMS system where admin can create user groups and can grant permissions to groups to do certain things. The permissions (CRUD) are granted on the objects (i.e: can add post, can edit own post, can delete someone else's post, ...)
It's easy to come to the conclusion that we should use something like the provided ACL and store permissions on object or class. However, the question is where should we put these security checking code?
One thing came to my mind was to put that in the controller, but now it means I have to edit every controller I have, or even if I don't I need to somehow identify the object/class that the specific controller action is trying to modify. Sometimes, the controller action will involve several objects/models at once and that makes things even more complicated.
I could also put that in the manager, so that whenever I invoke the save() method I can check for permission. For some reason, that approach seems wrong in term of performance and complexity.
I have read many posts explaining voters, acl and such for Symfony and I understand all that but I'm having trouble putting all that into a solution that would avoid dirty hacks such as editing every single controller.
Is it possible to create a page in asp.net that allow the access to a user that has a defined IPaddres? My goal is to add a page "test" (not linked to my website) and I want to define a rule that only a specified IP address can get the access.
How can I implement this throught asp.net?
You could try putting the page(s) in a separate folder and password protect it, then, give the password to your user, so they may access the content. You could go as far as password protecting each file. This helps if your website is password protected or has a login.
You could also create a sub-domain for that user specifically.
These are just a few. I'm sure you'll get better suggestions here on SO!
You could go for a programmatic solution. However, I would use IIS functions to block the access. Less code, easier to configure and no hassle on your developement/test environment.
Assumption: you are using IIS since it is ASP.NET. But other webservers should have similar solutions.
You can add IP restrictions to the directory (meaning you would have to put your page in a separate directory). Example here: http://www.therealtimeweb.com/index.cfm/2012/10/18/iis7-restrict-by-ip
Obviously there are a lot of other and arguably better ways to grant access to a page if what you really want is for a specific "user" or "group" to have access, but assuming that your really want the access control to be based on IP, the answer may still be dependent on peripheral concerns such as what web server you are using. IIS for example has some features for IP based security that you could check out.
Assuming though that you really, really want to check IPs and that you want to do it in code, you would find information about the calling environment in the Request of the current HttpContext, i.e. context.Request.UserHostAddress.
If you want to reject calls based on this information, you should probably do that as early as possible. In the HttpApplication.BeginRequest event you could check if the call is targeted for the page in question and reject the request if the UserHostAddress is not to your liking.
If you prefer to make this control in the actual page, do it in some early page event.
To manage the acceptable IP(s), rather than hard coding them into your checking code, I suggest you work with a ConfigurationSection or similar. Your checking code could be something similar to:
var authorizedIps =
authorizedIpConfiguration.Split(',').Select(ipString => ipString.Trim()).ToList();
isValid = authorizedIps.Any()
&& authorizedIps.Contains(context.Request.UserHostAddress);
If the check fails, you should alter the response accordingly, i.e. at least set its status code to 401 (http://en.wikipedia.org/wiki/List_of_HTTP_status_codes).
NB: There are a lot of things to consider when implementing security features, and the general recommendation would probably stand as "don't do it" - it's so easy to falter. Try to use well proven concepts and "standard implementations" if possible. The above example should not in itself be considered to provide a "secure" solution, as there are generally speaking many ways that restricted data can leak from you solution.
EDIT: From you comment to the answer given by nocturns2 it seems you want to restrict access to the local computer? If so, then there is a much easier and cleaner solution: Just check the Request.IsLocal property. It will return true only for requests originating from the local computer, see HttpRequest.IsLocal Property
(Also, you should really make sure that this "debug page" is not at all published when deploying your solution. If you manage that properly and securely, then perhaps you do not even need the access check any more. If you want debugging options in a "live" environment, you should probably look to HttpContext.Current.Trace or some other logging functionality.)
We have in one of our customisations implemented permission checks with dynamic authorities in Alfresco. When migrating to solr the search results for those nodes affected by our dynamic permissions became faulty. The reason seems to be that permission checks are done at query time, however our dynamic permissions are not taken into account :(
Here is a short explanations of how our dynamic authorities work:
Check if a node has an association to an authority, if the current user belongs to that authority (group) -> approve access. The node has a lot of different associations and everyone is checked and given READ or WRITE access depending on to which association it belongs.
Is there anyway to tell the Search service to do permission checking on the returned nodes instead (like lucene does)? One workaround I thought of would be to run the query as administrator, then iterate over the result and manually do the permission checks?
Could that be a way to solve it? Any other ideas you could share with me?
Alfresco will perform after-query permission checks on SOLR results when the security.anyDenyDenies property is set to true. This check will involve any dynamic authorities, i.e. it will be a standard check.
The main problem then would be to get the full results from SOLR without pre-filtering there. Other than setting the runAs user to System in a custom sub-class of org.alfresco.repo.search.impl.solr.SolrQueryLanguage (within / around super.executeQuery method call - bean(s) search.lucene.alfresco, search.solr.alfresco, search.fts.alfresco.index and search.solr.cmis in solr-search-context.xml), I see no simpler way to achieve this.
Note: This applies to Alfresco 4.2d and later - I don't know when after-query permissions for SOLR have actually been introduced, but they weren't present when 4.0 came out AFAIK.
Go/Golang in general at the moment is a hard thing to search for, nor did I find what I was looking for here. I know there some level of encryption that can be done during compilation of an app in several languages. Can anyone give me a quick rundown of the security of Go source code after being compile to an exe? If it can be read, at least in part, is there anything out there to increase security of the source code?
Distribute only the binary (per platform/architecture). That's the best you can get with any language. There's no way how to distribute a program while being safe of reverse engineering it. Anyone telling you something different is probably just trying to sell you a "protection" scheme. No such thing really exists.
On the other hand: 99.9% of your potential users probably have no idea how to reverse engineer your program.
On the yet another hand: It's enough if 0.01 of your potential users have the ability to reverse engineer your program and you're doomed.
IOW, try to find out a business model which relies on anything else but security by obscurity. Actually, even open source code can generate profit - if the value of it is not only in having access to the source code per se.
My program needs to decrypt an encrypted file after it starts up to load data it requires to function. This data cannot be available to the user.
I'm not a cryptography expert, so what is the best way to protect hardcoded passphrases and other tidbits of data from users, debugging software and disassembling software?
I understand that this is probably bad practice but it's essential for me (at least for now).
If there are other ways to protect my data from the above 3, could you let me know what those are?
Short answer: you can't. Once the software is on the user's disk, a sufficiently smart and determined user will be able to extract the secret data from it.
For a longer answer, see "Storing secrets in software" on the security.SE blog.
what is the best way to protect hardcoded passphrases and other
tidbits of data from users, debugging software and disassembling
software?
Request the password from the user and don't hardcode the passphrase. This is the ONLY way to be safe.
If you can't do that and must be hardcoded in the app then all bets are off.
The simplest thing you can do (if you don't have the luxury to do something elaborate which will only delay the inevidable) is to delegate the responsibility to the user of the system.
I mean explicitely state that you software is as secure as the "machine" it runs.
If the attacker has access to start pocking around the file system then your app would be the user's least of concerns
In my experience this type of questions are often motivated by either of four reasons:
Your application is connecting to a restricted remote service, such as a database server.
You do not want your users to mess with configuration settings, which in turn do not really have to be kept confidential as long as they are unmodified.
Copy protection of your own software.
Copy protection of data.
Like Illmari Karonen wrote in his answer, you can't do exactly what you are asking for, and this means in particular that 3 & 4 cannot be solved by cryptography alone.
However, if your reason for asking is either 1 or 2, you have ended up asking the questions you do, because you have made some bad decisions earlier in your design process. For instance, in case of 1, you should not make a restricted service accessible from systems you do not trust completely. The typical safe solution is to introduce a middle tier that is the only client to your restricted resource, and which you can make public.
In case of 2, the best solution is often to use exactly the same logic for checking your configuration files (or registry settings or what ever) when they are loaded at start up, as you use for checking consistency when the user enters them using your preferred configuration user interface. If you spot an inconsistency, just bring up your configuration UI and highlight the problem.