[ 
https://issues.apache.org/jira/browse/SLING-9556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17172068#comment-17172068
 ] 

Nicolas Peltier edited comment on SLING-9556 at 8/6/20, 7:03 AM:
-----------------------------------------------------------------

[~enorman] [~olli] first of all, your concerns prove that the first security 
layer of pipes, which was its complexity, is starting to fade out, which is 
good news ;)

1. Then I have to admit I have difficulties picturing the "bad guy" scenario 
here, as in those cases you will always run a pipe's action with the resolver 
of the pipe requester. That is, if your user has privileges to do bad actions A 
& B in the whole repository, pipe will "just" make it more efficient; however, 
it's not its role imho to add a layer of security.

2. Second, to kick things off you need those {{slingPipes/plumber}} or 
{{slingPipes/exec}} resources to POST to. Of course, if your user has write 
access somewhere on the repository, he can create that node, and then post 
there. He then needs the write access described in 1., but again I would fix 
the fact that the user has that POST access in the first place, right?

Finally, I don't want to play it smart here as my bad guy imagination has its 
limits beyond which some people can go, and I'll add a simple check in 
SLING-9644. [~olli] what about just checking that the current resolver can read 
a configured path in the repository?


was (Author: npeltier):
[~enorman] [~olli] first of all, your concerns prove that the first security 
layer of pipes, which was its complexity, is starting to fade out, which is 
good news ;)

1. Then I have to admit I have difficulties picturing the "bad guy" scenario 
here, as in those cases you will always run a pipe's action with the resolver 
of the pipe requester. That is, if your user has privileges to do bad actions A 
& B in the whole repository, pipe will "just" make it more efficient; however, 
it's not its role imho to add a layer of security.

2. Second, to kick things off you need those {{slingPipes/plumber}} or 
{{slingPipes/exec}} resources to POST to. Of course, if your user has write 
access somewhere on the repository, he can create that node, and then post 
there. He then needs the write access described in 1., but again I would fix 
the fact that the user has that POST access in the first place, right?

Finally, I don't want to play it smart here as my bad guy imagination has its 
limits beyond which some people can go, and I'll add a simple check. [~olli] 
what about just checking that the current resolver can read a configured path 
in the repository?

> add pipes execution through a simple text POST
> ----------------------------------------------
>
>                 Key: SLING-9556
>                 URL: https://issues.apache.org/jira/browse/SLING-9556
>             Project: Sling
>          Issue Type: Improvement
>          Components: Extensions
>    Affects Versions: Pipes 4.0.0
>            Reporter: Nicolas Peltier
>            Assignee: Nicolas Peltier
>            Priority: Major
>             Fix For: Pipes 4.0.0
>
>
> The problem with the configuration of most pipes is that JCR serialization is 
> difficult to read/maintain (basic XML maintenance issue).
> Since it can be executed through gogo commands, the pipe could also simply be 
> some piped command in a text file that would be posted to the plumber, using 
> same pipebuilder functionality (see 
> https://github.com/apache/sling-org-apache-sling-pipes/blob/master/src/main/java/org/apache/sling/pipes/internal/GogoCommands.java#L81)


