object security issue
From: ChrisB (pleasereplytogroup_at_thanks.com)
Date: 10/20/04
- Next message: Andrew McDonagh: "Re: XP Requirement Analysis?"
- Previous message: Andrew McDonagh: "Re: XP Requirement Analysis?"
- Next in thread: Otavio C. Decio: "Re: object security issue"
- Reply: Otavio C. Decio: "Re: object security issue"
- Reply: H. S. Lahman: "Re: object security issue"
- Reply: Cristiano Sadun: "Re: object security issue"
- Reply: cstb: "Re: object security issue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 20 Oct 2004 13:49:56 GMT
Hello:
I'm involved in the creation of a .NET application and would appreciate any
insight into the following issue:
The security model we designed can be summarized as follows:
1. Entities are associated with privileges. For example, a Consumer entity
is associated with add, view, delete, and update privileges.
2. When defining a role, administrators specify which privileges have been
granted for each entity. For example, a "User" role may be granted a "View
Consumer" privilege.
3. Roles are assigned to Users.
4. When a component method is called by a client, the method makes sure the
User currently logged into the system has been granted the necessary
privilege.
This design has worked well, with one exception. There are times that the
system needs to complete a task "behind the scenes" even though the user
currently logged into the system doesn't have the necessary privilege.
For example, during the invoice generation process (Create Invoice), the
system needs to retrieve product information to determine values that will
appear on the invoice. If, however, the current user was not granted a
"View Product" privilege by the system administrator, the Product component
will prevent the system from retrieving necessary data using the
Product.GetProduct() method. Our security model appears to be too
restrictive in some circumstances.
It seems there are several possible solutions to this dilemma:
1. Create a different Product component for the system to use that does not
enforce security.
2. Incorporate some type of mechanism into the existing Product component
that allows a client to indicate that a request is for the system and
security should not be enforced.
3. Create a "System" role that has full capabilities. If the system needs
to override security, log out the current user, log in a system user,
complete the necessary task, then log the original user back in.
Any thoughts on the best approach or other possible options?
Thanks!
Chris
- Next message: Andrew McDonagh: "Re: XP Requirement Analysis?"
- Previous message: Andrew McDonagh: "Re: XP Requirement Analysis?"
- Next in thread: Otavio C. Decio: "Re: object security issue"
- Reply: Otavio C. Decio: "Re: object security issue"
- Reply: H. S. Lahman: "Re: object security issue"
- Reply: Cristiano Sadun: "Re: object security issue"
- Reply: cstb: "Re: object security issue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
