Hi all
This is something that has been nagging me for a while now:
imho the whole JSR 283 security stuff looks good from the JCR context,
but Sling is a different beast:
it is a web framework, and therefore susceptible to the whole range of web attack
vectors, like information disclosure (e.g. unwanted JSON output),
injection attacks (unsure about possible attack vectors), malicious file
execution and others, see http://www.owasp.org/index.php/Top_10_2007 for
some examples.
Therefore relying on JSR 283 is necessary but not sufficient to provide
state of the art security for Sling. There are several possibilities to
provide this additional layer of security; one is to provide a secure
reverse proxy with filter possibilities, like John mentioned. This is
state of the art for enterprises, but not necessarily the best approach
for more lightweight environments.
Another approach would be to have a servlet filter handling all web
attack mitigation strategies and at the same time being able to
communicate with the underlying repository. Perhaps this would also
allow creating something like an "execute" privilege, which doesn't
make sense in the JCR context but does make very much sense for Sling. The
spec doc, btw, mentions the possibility to define additional
javax.jcr.security.Privilege namespaces, so it looks (without knowing
details) to be well prepared for enhancements.
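To make the servlet-filter idea concrete, here is an added sketch (my own illustration, not code from Sling or from the JSR 283 spec) of a Sling request filter that consults the repository before a request is dispatched. It assumes a custom privilege named `sling:execute` has been registered in the repository's privilege namespace (the name, the package and the class are hypothetical), and it uses only the standard JCR 2.0 `AccessControlManager` API plus Sling's `SlingHttpServletRequest`. The important defensive detail is that it fails closed: if the privilege name is unknown to the repository or the access check throws, the request is refused rather than waved through.

```java
package example.sling.security; // hypothetical package

import java.io.IOException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceUtil;

/**
 * Hypothetical Sling request filter. It is meant to be registered as an OSGi
 * service of type javax.servlet.Filter with the property
 * sling.filter.scope=request, so Sling runs it once per request before the
 * script/servlet for the resource is resolved and executed.
 *
 * The filter asks the JCR access control manager whether the request's session
 * holds a custom "execute" privilege on the requested resource. JCR itself only
 * knows read/write style privileges; the execute notion is added on the web
 * layer, which is exactly the gap the post describes.
 */
public class ExecutePrivilegeFilter implements Filter {

    /** Hypothetical custom privilege; assumes the namespace is registered. */
    static final String EXECUTE_PRIVILEGE = "sling:execute";

    @Override
    public void init(FilterConfig filterConfig) {
        // nothing to configure in this sketch
    }

    @Override
    public void destroy() {
        // nothing to release
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (!(req instanceof SlingHttpServletRequest)) {
            // not a Sling request: nothing to decide here
            chain.doFilter(req, res);
            return;
        }
        SlingHttpServletRequest request = (SlingHttpServletRequest) req;
        Resource resource = request.getResource();

        if (ResourceUtil.isNonExistingResource(resource)) {
            // let Sling's normal 404 handling run; there is no node to check
            chain.doFilter(req, res);
            return;
        }

        Session session = request.getResourceResolver().adaptTo(Session.class);
        if (session == null || !hasExecutePrivilege(session, resource.getPath())) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    /**
     * Fail closed: only an explicit positive answer from the repository lets
     * the request through. An unregistered privilege name surfaces as an
     * AccessControlException; any other repository problem is also a deny.
     */
    static boolean hasExecutePrivilege(Session session, String absPath) {
        try {
            AccessControlManager acm = session.getAccessControlManager();
            Privilege execute = acm.privilegeFromName(EXECUTE_PRIVILEGE);
            return acm.hasPrivileges(absPath, new Privilege[] { execute });
        } catch (AccessControlException e) {
            // privilege not known to this repository: deny rather than skip the check
            return false;
        } catch (RepositoryException e) {
            // lookup failed for another reason: also deny
            return false;
        }
    }
}
```

The check is deliberately done per resource path rather than per URL, so selectors and extensions cannot be used to reach a node under a different name than the one the ACL was written for; the same hook is where extension-based rules (for example, refusing a JSON rendering of a subtree to sessions that should not see its structure) would sit.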
I am unsure if and how OSGi might be another mechanism to implement web
security.
wdyt?
Cheers, CSp.