> P.S. Just a thought, but shouldn't you have some kind of confirmation
> before executing an msql command with the potential to delete your
> entire site? And have you gotten stamp functionality to work, or just
> using the default stamps system? Just curious as the thought of system
> wide incineration comes to mind.  :)

Any query I don't have control over could potentially drop the entire
database, assuming the mysql user has privileges to do this. In order
to prevent this, I disallow mysql users (the users on the mysql server)
based on pages, which means any query with sufficient rights to damage
the system is limited to site-pages or similar places.


> A quick check suggests this would interfere with how auth works for
> specific functions/commands. Which I never use, and I'm not sure
> anyone else does.

Well, yes. Because this would have the same problem. Imagine a
dangerous command (for example, "spam the internet" or "delete
everything") which you wish to restrict to certain pages on
boltwire.com. Imagine me wanting to make a point, and put this command
somewhere in boltwire.com where I have write access. I now link to
this page here, and you follow the link. I've caused you to execute the
command as a super-user.

> But it is a good feature, I don't want to drop.

This made me pause. Why is it a good feature? I've always assumed it
was, but... building a tool that requires super user administration to
function is not a good thing no matter how I look at it. Super admin
privileges are needed in order to access and write to pages. Anything
else is just making debugging harder for me.

Anyway, I'm not suggesting you drop the functionality, but I do think
being able to be duped into bypassing security is a serious concern,
so I propose that the system is not much use right now.

On Sep 30, 1:35 pm, The Editor <[email protected]> wrote:
> Are you talking about this line  (~300):
>
>         if (strpos(" ,$BOLTadmin,", ",$BOLTid,") && $BOLTadmin != '') return true;
>
> A quick check suggests this would interfere with how auth works for
> specific functions/commands. Which I never use, and I'm not sure
> anyone else does. But it is a good feature, I don't want to drop. In
> those cases you can restrict certain functions/commands to certain
> pages/hierarchies. Not tied to user id, but to the function/command
> name (check). You would want these to always return true I think for
> super admins.  It would be worth double checking just to make sure
> those features still work anyway. Or perhaps even revisit how they
> should work.
>
> But we could conceivably change those functions to users, not pages.
> (Don't like that idea). Or rework the BOLTauth function some different
> way, perhaps. Such as using BOLTid when type = function or command,
> and $find otherwise.
>
> Can you explain what you are doing exactly? You are checking for
> another members permissions when you are logged in as superadmin? And
> want to get the permissions of the other user, not yourself? I'd
> prefer to leave it as is if possible, but happy to change if necessary
> for good msql support. And any support we give to you will help other
> similar kinds of plugins in the future. I'm just not sure I'm catching
> what you are doing.
>
> Cheers,
> Dan
>
> P.S. Just a thought, but shouldn't you have some kind of confirmation
> before executing an msql command with the potential to delete your
> entire site? And have you gotten stamp functionality to work, or just
> using the default stamps system? Just curious as the thought of system
> wide incineration comes to mind.  :)
>
> On Wed, Sep 30, 2009 at 6:22 AM, DrunkenMonk <[email protected]> wrote:
>
> > Is there any good reason why "BOLTid" and not "find" is being checked
> > for BOLTadmin privileges?
>
> > I'm trying to use BOLTauth for my mysql plugin, where the privileges
> > are not BOLTuser based, but mysql user based. I'm trying to get
> > another plugin which uses mysql to abort if the mysql user supplied is
> > invalid.
>
> > However, since I'm a superuser, I'm apparently allowed to use this
> > mysql user from any page.
>
> > So, assume I have a guest area, say, docs. A user then writes "[(mysql
> > root "DROP * FROM *")]" and then tricks me into viewing this page. I
> > bypass all my own checks and destroy all my mysql information.
>
> > Solution:
> > BOLTauth should always check permissions for that which is sent.
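
Added illustration for the BOLTauth point argued in this thread; it is not
BoltWire's own code and every identifier in it (ALLOWED_PAGES, SUPER_ADMINS,
authFlawed, authScoped, evaluateDirectives) is hypothetical. It puts the
quoted "return true for super admins" short-circuit beside a check that
scopes the decision to the page the directive actually lives on, then runs
both over a constructed guest-area page carrying the [(mysql root ...)]
directive from the thread, viewed by a super admin. Nothing is executed
against a database; the functions only return the allow/deny decision.

```php
<?php
// Hypothetical policy (not BoltWire's): which pages may carry a given
// command at all. Dangerous commands are confined to site-pages, which is
// the page-scoping idea described earlier in the thread.
const ALLOWED_PAGES = [
    'mysql' => ['site.dbadmin'],
];
const SUPER_ADMINS = ['dan'];

// Flawed shape: the super-admin test runs first, so page scoping is never
// consulted for an admin. Content on any page the admin views gets through.
function authFlawed(string $userId, string $command, string $page): bool
{
    if (in_array($userId, SUPER_ADMINS, true)) {
        return true;
    }
    return in_array($page, ALLOWED_PAGES[$command] ?? [], true);
}

// Scoped shape ("always check permissions for that which is sent"): the
// page the directive sits on is tested first, for every viewer, and the
// viewer's own status only matters once the page itself is allowed.
function authScoped(string $userId, string $command, string $page): bool
{
    if (!in_array($page, ALLOWED_PAGES[$command] ?? [], true)) {
        return false;
    }
    return in_array($userId, SUPER_ADMINS, true);
}

// Minimal rendering pass: locate [(mysql user "query")] directives in page
// text and record, per directive, whether the supplied checker would let it
// run. The query is never executed; the decision is returned for logging.
function evaluateDirectives(string $page, string $text, string $viewer,
                            callable $auth): array
{
    $pattern = '/\[\(mysql\s+(\S+)\s+"([^"]*)"\)\]/';
    preg_match_all($pattern, $text, $matches, PREG_SET_ORDER);
    $decisions = [];
    foreach ($matches as [$whole, $dbUser, $query]) {
        $decisions[] = [
            'page'    => $page,
            'db_user' => $dbUser,
            'query'   => $query,
            'allowed' => $auth($viewer, 'mysql', $page),
        ];
    }
    return $decisions;
}

// Constructed scenario from the thread: a guest-writable docs page carrying
// a destructive directive, rendered while the super admin is logged in.
$docsPage = "Welcome to the docs.\n[(mysql root \"DROP * FROM *\")]\n";

foreach (['authFlawed', 'authScoped'] as $checker) {
    foreach (evaluateDirectives('docs', $docsPage, 'dan', $checker) as $d) {
        printf("%-10s page=%s db_user=%s allowed=%s\n",
            $checker, $d['page'], $d['db_user'], $d['allowed'] ? 'yes' : 'no');
    }
}
```

With authFlawed the docs-page directive is allowed purely because the viewer
is a super admin; with authScoped it is refused because "docs" is not a page
the mysql command is permitted on, whoever is looking at it. The extra
confirmation step Dan asks about in the P.S. would sit on top of this, not
replace it: the scoping decision is what stops a page someone else wrote from
borrowing the admin's rights.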
You received this message because you are subscribed to the Google Groups "BoltWire" group.
http://groups.google.com/group/boltwire?hl=en