[Glass] Which path to follow to limit what a user can execute?

Mariano Martinez Peck via Glass glass at lists.gemtalksystems.com
Wed May 20 09:08:59 PDT 2015


Hi Bruno,

Just wanted to say I am experiencing the same issue. In my app we have a
rule engine where the advanced user can script, create their own rules etc.
These rules are basically a closure. And that means...they can execute
everything: 1) break the system very easily, 2) steal all my source code,
3) other.

For stealing source code, I sent another email to the mailing list the
other day but didn't get many answers besides "don't worry". I also thought
about parsing the code to be sure I only send messages to the "processor"
which is the one argument we pass around to such rules/closures.

I wonder if others have ever done a rule engine with certain security
provided.

On Wed, May 20, 2015 at 11:52 AM, BrunoBB via Glass <
glass at lists.gemtalksystems.com> wrote:

> Hi All,
>
> I have the following problem...
>
> In my system you can import XPDL files generated with Bizagi
> (http://www.bizagi.com/en/bpm-suite/bpm-products/modeler) and it uses
> Orbeon
> forms (www.orbeon.com) to simulate each Bizagi task as an Orbeon form.
>
> For example, if you have a gateway in a process which splits the path in two
> different directions then you have to define a condition (inside Bizagi).
> The condition looks like:
> [:formProc | (formProc age > 18) and:[formProc amount < 10000]]
>
> The argument (formProc) can be an instance of OrbeonFormInstance or
> OrbeonFormProcess.
> The result of the evaluation MUST be a boolean.
>
> Until here there is NO problem, the system executes processes WITHOUT
> problems (even subprocesses are supported).
>
> But now I want to control what the user can execute inside these Blocks that
> are defined inside Bizagi.
>
> For example:
> [:formProc | OrbeonFormProcessDefinition removeAll].
>
> From the Process point of view there is no problem, the result is NOT a
> boolean --> this process will be blocked.
>
> But from a security point of view it is a disaster because this will remove all
> process instances and definitions in the system.
>
> At first I thought that GsObjectSecurityPolicy would do the job. I define a
> UserProfile ("seaside") and create a policy that only has read permission.
> Then I use GsObjectSecurityPolicy(class)>>setCurrent:while: in order to
> ensure that the operation is a read operation. Not sure what happens with
> other sessions (other web users that are logged in with the same UserProfile).
>
> But now I'm thinking of using the Parser to check all messages that are
> sent to the argument (formProc) and forbid the import of Bizagi models that
> fail this check.
>
> Now I'm checking the Parse and how to implement this...
>
> But what do you think about this problem? Is there any other possible
> solution?
>
> Regards,
> Bruno
>
>
>
> --
> View this message in context:
> http://forum.world.st/Which-path-to-follow-to-limit-what-an-user-can-execute-tp4827662.html
> Sent from the GLASS mailing list archive at Nabble.com.



-- 
Mariano
http://marianopeck.wordpress.com
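
The import-time check both messages describe, as an added example that is not part of the original thread and not GemStone or project code: a token-level allowlist (stricter than a full parse) written in Python, run over the block source before it is ever compiled. The selector allowlist and the `violations` helper are assumptions; only `formProc`, `age`, `amount` and the two sample blocks come from the thread.

```python
import re

# Assumed allowlist: `age` and `amount` are the accessors in the thread's example;
# a real list is application-specific and must hold only side-effect-free selectors.
ALLOWED_UNARY = {"age", "amount"}
ALLOWED_KEYWORD = {"and:", "or:"}
ALLOWED_BINARY = {"<", ">", "<=", ">=", "=", "~="}

TOKEN = re.compile(r"""
    (?P<ws>\s+)
  | (?P<number>\d+(?:\.\d+)?)
  | (?P<keyword>[A-Za-z_]\w*:(?!=))
  | (?P<ident>[A-Za-z_]\w*)
  | (?P<binary>[<>=~]+)
  | (?P<punct>[\[\]()])
""", re.VERBOSE)

# Exactly one block with exactly one argument; nothing may follow the closing bracket.
HEADER = re.compile(r"\s*\[\s*:([A-Za-z_]\w*)\s*\|(.*)\]\s*", re.DOTALL)

def violations(source):
    """Return the reasons to reject a condition block; an empty list means accept."""
    m = HEADER.fullmatch(source)
    if not m:
        return ["not a one-argument block"]
    arg, body = m.groups()
    found, pos = [], 0
    while pos < len(body):
        t = TOKEN.match(body, pos)
        if t is None:  # strings, symbols, cascades, assignment, '.', '^', nested block args
            found.append(f"unexpected character {body[pos]!r}")
            pos += 1
            continue
        kind, text, pos = t.lastgroup, t.group(), t.end()
        if kind == "ident" and text != arg and text not in ALLOWED_UNARY:
            found.append(f"identifier {text!r} not allowed")  # globals, self, thisContext
        elif kind == "keyword" and text not in ALLOWED_KEYWORD:
            found.append(f"keyword selector {text!r} not allowed")
        elif kind == "binary" and text not in ALLOWED_BINARY:
            found.append(f"binary selector {text!r} not allowed")
    return found

# Constructed samples: the two blocks quoted in the thread plus a reflective send.
SAMPLES = ["[:formProc | (formProc age > 18) and:[formProc amount < 10000]]",
           "[:formProc | OrbeonFormProcessDefinition removeAll]",
           "[:formProc | formProc perform: #removeAll]"]

if __name__ == "__main__":
    for s in SAMPLES:
        print("ACCEPT" if not violations(s) else "REJECT", s, violations(s))
```

Because no global name, pseudo-variable or unlisted selector can appear at all, the block can only reach objects returned by allowlisted accessors on its argument. The check does not verify syntax or the boolean result; the compiler and the existing runtime check still do that.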