bug-myserver

Re: [Bug-myserver] ideas about how improve security file


From: Giuseppe Scrivano
Subject: Re: [Bug-myserver] ideas about how improve security file
Date: Thu, 28 Aug 2008 23:38:55 +0200
User-agent: Mozilla-Thunderbird 2.0.0.16 (X11/20080724)

Alexandru Iancu wrote:
> Indeed it is true, endless programs can cause serious security problems,
> but we can avoid this in 2 ways:
> 1. simply disabling scripting features like loops -> use script
> validators (as you said in the previous email). So if the script contains
> a for or while statement, it will not be executed;
> 2. carefully handling script stack frame calls (stack frame < 2).

But to do so we need to parse the language, and anyway we don't have
any embedded language by default.  Anyway, this is not so important now;
if we decide what we can change and what not, and define good interfaces,
it will not be difficult to change between them.

> Also true.
> Script languages can't be put into a GUI in a reasonable way but there is
> no need to have a GUI when you edit scripts.
> Moreover, they have 2 decisive advantages over XML:
> 1. are concise and easily understood by humans. In other words, less
> redundancy more information. 
> Let's take an example: you have a composed condition from 3-4 simple
> conditions like this one:
>  
> ...
>        <CONDITION name="Http.Host" value="localhost">
>                <DEFINE name="Http.Trace" value="NO" />
>                <RETURN value="ALLOW" />
>        </CONDITION>
>        <CONDITION name="User.name" value="root">
>                <RETURN value="ALLOW" />
>        </CONDITION>
>        <CONDITION_NOT name="User.name" value="Blackbeard">
>                <DEFINE name="Http.Trace" value="YES" />
>        </CONDITION_NOT>
>        <RETURN value="DENY" /> 
> ...
>  
> What are the chances to write all this without error and be able to
> focus on the condition also? Or what are the chances when you read it to
> understand from the start what's there?
> You'll definitely need a GUI to edit this because few users will accept
> to write so much text :)

Yes, and the day our GUI handles this we will have conquered the world :)

> 2. we don't need to code the semantic parser for this XML (less code
> => fewer bugs).

It can be done with XML Schema, but it is better to do it offline (whoever
writes it will check), because it is very resource-expensive to do every time.

Giuseppe
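
The offline check suggested in the message above, sketched as an added example; it is not MyServer code and not from the thread, and it uses a plain structural walk rather than XML Schema. The element names come from the quoted fragment; the `<SECURITY>` root, the attribute rules, the ALLOW/DENY verdict set and the top-to-bottom evaluation order behind the unreachable-rule check are assumptions.

```python
import xml.etree.ElementTree as ET

# Assumed grammar, inferred only from the fragment quoted in the thread.
REQUIRED = {"CONDITION": {"name", "value"}, "CONDITION_NOT": {"name", "value"},
            "DEFINE": {"name", "value"}, "RETURN": {"value"}}
CONTAINERS = {"CONDITION", "CONDITION_NOT"}
VERDICTS = {"ALLOW", "DENY"}
# Constructed sample: the thread's fragment inside a hypothetical <SECURITY> root.
SAMPLE = """<SECURITY>
  <CONDITION name="Http.Host" value="localhost">
    <DEFINE name="Http.Trace" value="NO" />
    <RETURN value="ALLOW" />
  </CONDITION>
  <CONDITION name="User.name" value="root">
    <RETURN value="ALLOW" />
  </CONDITION>
  <CONDITION_NOT name="User.name" value="Blackbeard">
    <DEFINE name="Http.Trace" value="YES" />
  </CONDITION_NOT>
  <RETURN value="DENY" />
</SECURITY>"""

def check_block(parent, path, errors):
    returned = False  # set once an unconditional RETURN is seen in this block
    for i, el in enumerate(parent):
        where = f"{path}/{el.tag}[{i}]"
        if returned:
            errors.append(f"{where}: unreachable, follows an unconditional RETURN")
        if el.tag not in REQUIRED:
            errors.append(f"{where}: unknown element")
            continue
        for attr in sorted(REQUIRED[el.tag] ^ set(el.attrib)):
            errors.append(f"{where}: missing or unexpected attribute '{attr}'")
        if el.tag == "RETURN":
            returned = True
            if el.get("value", "ALLOW") not in VERDICTS:
                errors.append(f"{where}: verdict must be ALLOW or DENY")
        if el.tag in CONTAINERS:
            check_block(el, where, errors)  # nested rules get the same checks
        elif len(el):
            errors.append(f"{where}: must not contain child elements")

def validate(xml_text):
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed: {exc}"]
    errors = []
    check_block(root, root.tag, errors)
    return errors  # empty list means the file passed
```

Run once when the file is written or changed, so the server does not pay the validation cost on every request.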



