On Tue, Feb 8, 2011 at 11:57 AM, Andrew Deason <[email protected]> wrote:
> On Mon, 07 Feb 2011 17:29:23 -0500
> Jeffrey Altman <[email protected]> wrote:
>
>> If the goal is to permit anonymous submission of homework for example,
>> this model is simply not safe under any circumstances. That is why I
>> proposed a configuration option to disable the use of 'i'nsert with
>> anonymous. Answering Andrew, Mike Meffie's change (gerrit/217) is
>> different.
>
> I haven't seen any explanation as to how. It is a generalized mechanism
> for restricting what rights an anonymous client can have. Unless you
> mean only affecting anonymous rights in special cases? (like the dropbox
> case)
>
>> I do not believe we are at a point where making such a change is
>> acceptable. I think the best we can do in the short term is a
>> combination of:
>>
>> * Derrick's proposal (gerrit/3901)
>>
>> * Providing an option to disable 'i'nsert for anonymous client
>>
>> * Improving our documentation to make it clear that system:anyuser "li"
>> and anonymous users are not a secure mix.
>
> And I must reiterate that I think an additional note of the possible
> failure scenario is required. Some sites will skip over security
> warnings due to the closed nature of the site or for other reasons, but
> "cannot/may not work in certain edge cases" will actually register.
Would you be willing to extend 3901 or add a gerrit incident with proposed documentation wording? I'd like to see them advance together.

--
Derrick
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
