Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.
Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

User Story #200 (closed)

Opened 18 years ago

Closed 18 years ago

User can run queries and not break security (Read security umbrella)

Reported by: jamoore Owned by: jamoore
Priority: critical Milestone: 3.0-M3
Component: Security Keywords: queries,story114
Cc: Story Points: n.a.
Sprint: n.a. Importance: n.a.
Total Remaining Time: n.a. Estimated Remaining Time: n.a.

Description

What this means is that no matter what User A asks, no information should be leaked about User B that's been marked unreadable. An example of this would be the query : " all categories involving the gene X ? " . An subtler leak would be of the form : "how many categories invole the the gene X ? " .

To prevent this, values can't just be nulled through an interceptor, but they should be filtered at the db level. However, the one caveat is that if a user sets such information to unreadable (but leaves it writable) then they can lose data. This, however, should be common sense.

Change History (9)

comment:1 Changed 18 years ago by jmoore

  • Keywords iteration2 added

comment:2 Changed 18 years ago by jmoore

r789 introduces the filter needed to make this work. See #117 for more.

comment:3 Changed 18 years ago by jmoore

  • Keywords iteration2 removed

Unscheduling this umbrella ticket.

comment:4 Changed 18 years ago by jmoore

  • Summary changed from User can run queries and not break security to User can run queries and not break security (Read security umbrella)

r895 has a full battery of read tests. All are passing. For the short-term, this seems to be finished.

comment:5 Changed 18 years ago by jmoore

Note: r895 was purely read. None of the logic now required by the removal of USE #310. That is perhaps best left for another class (i.e. UseSecurityTest even if their is no USE flag)

comment:6 Changed 18 years ago by jmoore

See also #117 for changes and past work (merged with this ticket)

comment:7 Changed 18 years ago by jmoore

r929 reworks the client-side tests.

comment:8 Changed 18 years ago by jmoore

r941 further reworks test.

comment:9 Changed 18 years ago by jmoore

  • Resolution set to fixed
  • Status changed from new to closed

r984 closes. All tests are now passing or covered by other tickets.

More tests can be written under #378.

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.63280 sec.)

We're Hiring!