I'm looking at the servlet filter code in
org.fcrepo.server.security.servletfilters, and I see that there is some
code to temporarily cache user credentials:

org.fcrepo.server.security.servletfilters.Cache
org.fcrepo.server.security.servletfilters.BaseCaching
org.fcrepo.server.security.servletfilters.CacheElement
org.fcrepo.server.security.servletfilters.CacheElementPopulator

The only places where this caching functionality is used are the
following servlet filters: FilterXmlUserFile, FilterPubCookie, and
FilterLdap.

As a part of rewriting these filters, would it make sense to do away
entirely with this caching code, and leave management of credentials to
the upstream authnz providers? Caching user credentials in an
application makes me nervous; it seems like it could open doors for a
security breach and, in the case of PubCookie, negate timeouts set upstream.

On a related note: are these three filters still relevant/useful, or
have they been supplanted by FeSL (at least FilterXmlUserFile and
FilterLdap)? Would it make sense to deprecate these filters in a future
release?

-- Scott
--
Scott Prater
Library, Instructional, and Research Applications (LIRA)
Division of Information Technology (DoIT)
University of Wisconsin - Madison
[email protected]
_______________________________________________
Fedora-commons-developers mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fedora-commons-developers