[infinispan-dev] Infinispan Security

Pedro Ruivo pedro at infinispan.org
Fri Nov 22 10:47:40 EST 2013


Hi,

I took a look at the document and these are my comments :)

(note: I only have basic knowledge of security: security is a myth)

* About the permissions

It would be good to describe what the relation between the 
permissions is. For example, answer the following questions: can a 
user/group/role have READ permission over a cache without ACCESS 
permission? Can it have WRITE permission without READ (a write operation 
returns the old value)? And EXEC? Does it make sense to have EXEC 
without READ and/or WRITE?

Since we have a BULK permission (which is a READ), why not split the 
WRITE too? E.g. MODIFY (put*, replace*), DELETE (remove*) and CLEAR (clear)?

Another thing that is not clear to me is whether it is possible to specify 
default permissions. I am assuming that if you define the roles in the 
<default> cache, they will be passed on to the <namedCache> if nothing is 
specified, right?

Is the secure cache protected against the ComponentRegistry? I mean, is it 
possible to do cache.getAdvancedCache().getDataContainer().clear() 
and skip any authentication?

* About the Interceptors

IMO, bad idea. I think we should have a SecureCache interface and 
implementation (SecureCacheImpl). As suggested in the wiki, this 
SecureCacheImpl would throw a SecurityException on any invocation, but it 
would have a method /.as(Subject)/ that would return a decorated 
SecureCache with the correct permissions.

About the encryption, I think the application should be responsible for doing 
it and not the Cache. However, if it is really necessary I would do it 
at the SecureCache level so any component in Infinispan would have 
access to the plain object. Also, I wouldn't allow the user to choose to 
encrypt only for persistence. In addition, how are we going to manage the 
encryption keys? If a key is leaked, are we going to support 
re-encryption with a new key? Is it possible to choose different keys 
per user/type of data?

* HotRod security

The design document does not say anything about encrypting the 
communication between the clients and the server. Is it a gap?

* Finally, some minor typos:
** the embedded configuration title is in the middle of the embedded API 
text
** the lists are all in the same line in embedded encryption and hot rod 
security
** Memcached Security is not "titlefied"

Cheers,
Pedro

On 11/22/2013 01:05 PM, Tristan Tarrant wrote:
> Hi all,
>
> I've published an ongoing draft of how we should implement Security in
> Infinispan.
>
> https://github.com/infinispan/infinispan/wiki/Security
>
> There are still gaps in there, but I'd like your comments early :)
>
> Tristan
> _______________________________________________
> infinispan-dev mailing list
> infinispan-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/infinispan-dev
>
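The SecureCache / SecureCacheImpl decorator that Pedro sketches above, and the permission-relationship questions he raises (READ without ACCESS, WRITE without READ given that put returns the old value), can be made concrete in code. The following is an added, self-contained example written for this page; it is not Infinispan code and does not use the Infinispan API. The Permission enum, the SecureCache interface, RolePrincipal and the rule that put/remove need READ as well as WRITE are all assumptions chosen to illustrate one possible answer to those questions, not the project's decision. Only javax.security.auth.Subject is a real JDK type.

```java
import java.security.Principal;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;

// Hypothetical permission names taken from the discussion (not Infinispan's enum).
enum Permission { ACCESS, READ, WRITE, EXEC, BULK }

// Hypothetical minimal cache contract: every method is guarded, and as(Subject)
// is the only way to obtain a view that actually lets calls through.
interface SecureCache<K, V> {
    V get(K key);
    V put(K key, V value);
    V remove(K key);
    void clear();
    SecureCache<K, V> as(Subject subject);
}

// A role is modelled as a Principal carrying the permissions it grants (assumption).
final class RolePrincipal implements Principal {
    private final String name;
    private final Set<Permission> granted;
    RolePrincipal(String name, Set<Permission> granted) { this.name = name; this.granted = granted; }
    public String getName() { return name; }
    Set<Permission> granted() { return granted; }
}

final class SecureCacheImpl<K, V> implements SecureCache<K, V> {
    // The backing store is never handed out, so there is no getDataContainer()-style bypass.
    private final Map<K, V> store;
    private final Set<Permission> permissions;   // empty until as(Subject) is called

    SecureCacheImpl(Map<K, V> store) { this(store, EnumSet.noneOf(Permission.class)); }
    private SecureCacheImpl(Map<K, V> store, Set<Permission> permissions) {
        this.store = store; this.permissions = permissions;
    }

    // Effective permissions = union over the subject's role principals.
    // ACCESS is treated as a prerequisite: without it nothing else counts.
    public SecureCache<K, V> as(Subject subject) {
        EnumSet<Permission> effective = EnumSet.noneOf(Permission.class);
        for (RolePrincipal role : subject.getPrincipals(RolePrincipal.class)) {
            effective.addAll(role.granted());
        }
        if (!effective.contains(Permission.ACCESS)) {
            effective.clear();
        }
        return new SecureCacheImpl<>(store, effective);
    }

    private void require(Permission... needed) {
        for (Permission p : needed) {
            if (!permissions.contains(p)) {
                throw new SecurityException("missing permission " + p);
            }
        }
    }

    public V get(K key) { require(Permission.READ); return store.get(key); }
    // put/remove return the previous value, so in this model they need READ as well as WRITE.
    public V put(K key, V value) { require(Permission.WRITE, Permission.READ); return store.put(key, value); }
    public V remove(K key) { require(Permission.WRITE, Permission.READ); return store.remove(key); }
    // clear touches every entry, so it is treated as a bulk write.
    public void clear() { require(Permission.WRITE, Permission.BULK); store.clear(); }
}

public class SecureCacheDemo {
    static Subject subjectWith(String roleName, Set<Permission> perms) {
        Subject s = new Subject();
        s.getPrincipals().add(new RolePrincipal(roleName, perms));
        return s;
    }

    public static void main(String[] args) {
        SecureCache<String, String> raw = new SecureCacheImpl<>(new HashMap<>());
        try {
            raw.get("k");   // undecorated cache: every call is refused
        } catch (SecurityException e) {
            System.out.println("undecorated: " + e.getMessage());
        }

        SecureCache<String, String> writer =
            raw.as(subjectWith("writer", EnumSet.of(Permission.ACCESS, Permission.READ, Permission.WRITE)));
        writer.put("k", "v");
        System.out.println("writer get: " + writer.get("k"));

        SecureCache<String, String> reader =
            raw.as(subjectWith("reader", EnumSet.of(Permission.ACCESS, Permission.READ)));
        try {
            reader.put("k", "w");   // READ only: write refused
        } catch (SecurityException e) {
            System.out.println("reader put: " + e.getMessage());
        }

        // READ granted but no ACCESS: collapses to no permissions at all.
        SecureCache<String, String> noAccess = raw.as(subjectWith("orphan", EnumSet.of(Permission.READ)));
        try {
            noAccess.get("k");
        } catch (SecurityException e) {
            System.out.println("no ACCESS: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac SecureCacheDemo.java && java SecureCacheDemo`. The point of keeping the store private to SecureCacheImpl is the same one raised in the ComponentRegistry question above: if internal components such as the data container can be reached from the cache object, the decorator checks nothing.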

