cubicweb #2932033 [security] consider operation checking only in securityafterupdateentity hook [resolved]
As of today, the entity is checked in the hook, and if Unauthorized the check is deferred to an Operation (hoping that things will work better at this time).
I contend that this strategy is too costly for the case when only an operation will yield a successful permission check, and that this case is quite common.
I propose we drop the immediate permission check and only defer to the operation.

| field | value |
|---|---|
| priority | normal |
| type | enhancement |
| done in | 3.18.0 |
| load | 0.500 |
| load left | 0.000 |
| closed by | #e1369f2dba79 [hooks/security] Defer entity permission checks to an Operation. |
| patch | [doc/book/security] update description of entity update (Related to #2932033) [applied]; [hooks/security] Defer entity permission checks [applied] |

similar entities
- cubicweb #1698245 Convert __message to _cwmsgid to increase security
- TheCubicWebBook #569106 hooks section
- cubicweb #511718 explain why rql expr insertion doesn't work to ease security debugging
- TheCubicWebBook #656194 CW Administration: how to give dynamic permissions
- cubicweb #1381390 Implement HTTP Strict Transport Security for https
Comments
- 2013/06/11 10:16, written by sthenault

  IMO what we want is to control when the check occurs, as this is done for relation.
  Though I'm afraid such a change may lead to very nasty bw incompatibility problems.

- 2013/06/11 10:23, written by acampeas

  regarding bw compat: we have good security test coverage, haven't we? :)
  but indeed, a knob might be more reasonable

- 2013/06/11 10:30, written by sthenault

  we have a good security test coverage. Does this mean it's real-world-proof, I'm afraid not ;)
  Though it's possible that some problems are demonstrated by simplifying the code as suggested then running cubicweb's tests.

- 2013/06/11 17:00, written by acampeas

  I haven't seen a single problem doing what I suggest.
  Furthermore I still fail to see what difference in semantics it would make (it definitely should NOT change any properly coded app behaviour).
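
A toy model of the two strategies described in the ticket, added here as an illustration; it is not cubicweb code, and `ToyTransaction`, `add_owner` and `run` are hypothetical names. It counts permission evaluations when the state that grants permission is only set later in the same transaction, and shows that both strategies reach the same outcome at commit.

```python
class Unauthorized(Exception):
    """Raised when the permission predicate rejects an entity update."""


class ToyTransaction:
    """Toy model: hooks fire on each update, operations run at commit."""

    def __init__(self, defer_only):
        self.defer_only = defer_only  # True: the strategy proposed in the ticket
        self.owners = {}              # eid -> set of owners (constructed relation)
        self.pending = []             # (eid, user) checks deferred to commit
        self.checks = 0               # number of permission evaluations

    def _check(self, eid, user):
        self.checks += 1
        if user not in self.owners.get(eid, set()):
            raise Unauthorized(f"{user} may not update entity {eid}")

    def update_entity(self, eid, user):
        """After-update hook for an entity."""
        if not self.defer_only:
            try:
                self._check(eid, user)   # immediate check in the hook
                return
            except Unauthorized:
                pass                     # fall back to the commit-time check
        if (eid, user) not in self.pending:
            self.pending.append((eid, user))

    def add_owner(self, eid, user):
        """Relation set later in the same transaction; no entity check here."""
        self.owners.setdefault(eid, set()).add(user)

    def commit(self):
        """Run deferred checks; Unauthorized here aborts the transaction."""
        for eid, user in self.pending:
            self._check(eid, user)
        self.pending.clear()


def run(defer_only, grant_late):
    tx = ToyTransaction(defer_only)
    tx.update_entity(1, "alice")     # permission not yet satisfiable
    if grant_late:
        tx.add_owner(1, "alice")     # state that makes the check pass
    try:
        tx.commit()
        return "committed", tx.checks
    except Unauthorized:
        return "rolled back", tx.checks
```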