[Glass] Which path to follow to limit what an user can execute ?

Dale Henrichs via Glass glass at lists.gemtalksystems.com
Wed May 20 10:22:14 PDT 2015


Mariano,

Sorry I missed your message ... I've been incommunicado as I've been 
focusing solely on 3.3 work (with a code freeze coming up real soon now) 
and really don't have the cycles right now to respond to email ...

Bruno and Mariano,

With PetitParser now ported to GemStone 3.2 and the important bits of RB 
in GsDevKit/GLASS (at least the important parts ... I think), you could 
consider doing a validation of the proposed script against a known set 
of classes and methods (basically enforcing an Interface for the "legal" 
Smalltalk API)... combining that with a restricted SymbolList and 
perhaps jiggering the ObjectSecurityPolicy so that folks cannot install 
new methods or classes just might give you pretty good confidence that 
the users aren't doing questionable things ...

re-entering the cave:)

Dale
On 05/20/2015 09:08 AM, Mariano Martinez Peck via Glass wrote:
> Hi Bruno,
>
> Just wanted to say I am experiencing the same issue. In my app we have 
> a rule engine where the advanced user can script, create their own rules 
> etc. These rules are basically a closure. And that means...they can 
> execute everything: 1) break the system very easily, 2) steal all my 
> source code, 3) other.
>
> For stealing source code, I sent another email to the mailing list the 
> other day but didn't get many answers besides "don't worry". I also 
> thought about parsing the code and being sure I only send messages to the 
> "processor" which is the one argument we pass around to such 
> rules/closures.
>
> I wonder if others have ever done a rule engine with certain security 
> provided.
>
> On Wed, May 20, 2015 at 11:52 AM, BrunoBB via Glass 
> <glass at lists.gemtalksystems.com> wrote:
>
>     Hi All,
>
>     I have the following problem...
>
>     In my system you can import XPDL files generated with Bizagi
>     (http://www.bizagi.com/en/bpm-suite/bpm-products/modeler) and it
>     uses Orbeon forms (www.orbeon.com) to simulate each Bizagi task as
>     an Orbeon form.
>
>     For example if you have a gateway in a process which splits the
>     path in two different directions then you have to define a
>     condition (inside Bizagi).
>     The condition looks like:
>     [:formProc | (formProc age > 18) and:[formProc amount < 10000]]
>
>     The argument (formProc) can be an instance of OrbeonFormInstance or
>     OrbeonFormProcess.
>     The result of the evaluation MUST be a boolean.
>
>     Until here there is NO problem, the system executes processes WITHOUT
>     problems (even subprocesses are supported).
>
>     But now I want to control what the user can execute inside these
>     Blocks that are defined inside Bizagi.
>
>     For example:
>     [:formProc | OrbeonFormProcessDefinition removeAll].
>
>     From the Process point of view there is no problem, the result is
>     NOT a boolean --> this process will be blocked.
>
>     But from a security point of view it is a disaster because this will
>     remove all process instances and definitions in the system.
>
>     At first I thought that GsObjectSecurityPolicy will do the job. I
>     define a UserProfile ("seaside") and create a policy that only has
>     read permission.
>     Then I use GsObjectSecurityPolicy(class)>>setCurrent:while: in
>     order to ensure that the operation is a read operation. Not sure what
>     happens with other sessions (other web users that are logged in with
>     the same UserProfile).
>     But now I'm thinking of using the Parser to check all the messages
>     that are sent to the argument (formProc) and forbid the import of
>     Bizagi models that fail this check.
>
>     Now I'm checking the Parser and how to implement this...
>
>     But what do you think about this problem? Is there any other possible
>     solution?
>
>     Regards,
>     Bruno
>
> -- 
> Mariano
> http://marianopeck.wordpress.com

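The parse-time validation suggested in Dale's reply, applied to the two blocks quoted in the thread, as an added example that is not code from the thread or from GsDevKit. It assumes the RB port offers the usual Refactoring Browser AST protocol (`RBParser class>>parseExpression:`, `nodesDo:`, `isBlock`, `isMessage`, `isVariable`, `isAssignment`, `isReturn`) and that a parse failure signals an `Error`; both allowlists are constructed for illustration.

```smalltalk
| allowedOnArgument allowedOperators validate |
"Constructed allowlists. #age and #amount are the accessors used in the
 condition quoted in the thread; a real list would be the published API of
 OrbeonFormInstance / OrbeonFormProcess."
allowedOnArgument := #(#age #amount).
"Selectors that may be sent to anything other than the block argument."
allowedOperators := #(#> #< #>= #<= #= #and: #or: #not).

"Answers a collection of problems; an empty collection means the source
 stays inside the allowed interface."
validate := [:source | | ast argName problems |
    problems := OrderedCollection new.
    "Parse only, never evaluate. Assumption: syntax errors signal an Error."
    ast := [RBParser parseExpression: source]
        on: Error do: [:e | e return: nil].
    (ast notNil and: [ast isBlock and: [ast arguments size = 1]])
        ifFalse: [problems add: 'not a one-argument block']
        ifTrue: [
            argName := ast arguments first name.
            ast nodesDo: [:node |
                (node isAssignment or: [node isReturn])
                    ifTrue: [problems add: 'assignment or return'].
                "Any name other than the block argument is refused: globals,
                 self, super, thisContext, temporaries, inner block arguments."
                (node isVariable and: [node name ~= argName])
                    ifTrue: [problems add: 'reference to ', node name].
                node isMessage ifTrue: [ | legal |
                    legal := (node receiver isVariable
                            and: [node receiver name = argName])
                        ifTrue: [allowedOnArgument]
                        ifFalse: [allowedOperators].
                    (legal includes: node selector) ifFalse: [
                        problems add: 'illegal selector #', node selector asString]]]].
    problems].

"The condition from the thread uses only formProc, #age, #amount and operators."
validate value: '[:formProc | (formProc age > 18) and: [formProc amount < 10000]]'.
"The destructive block from the thread names a global and sends #removeAll,
 which is in neither list."
validate value: '[:formProc | OrbeonFormProcessDefinition removeAll]'.
```

This check only constrains the source text at import time; the restricted SymbolList and ObjectSecurityPolicy that Dale mentions remain the controls at compile and run time.
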