
Why is repo store insecure?

kgeis
Champ on-the-rise
The authentication runas attribute only works on Web Scripts that are on the Java classpath. This is because RepoStore defines an isSecure() method that returns false. There are references on the forum to this being a choice because of "security issues." I can't imagine the security issues that come from declaring the repo store secure? It's not like end users are going to be authoring web scripts.

Can anyone enlighten me?
4 REPLIES

mrogers
Star Contributor
If a script is loaded from the classpath then it's more trusted than a script loaded from the repository. The problem is malicious users authoring web scripts to gain more rights than they should have.

afaust
Legendary Innovator
Hello,

"It's not like end users are going to be authoring web scripts."

Well - for the vast majority (99+%) of end users, this may be true. But nevertheless, allowing dynamically supplied scripts to be run requires that some control over what these scripts do is lost. A developer / admin that has set up a complex Alfresco application can't vouch for it; none of the dynamic scripts have to be reviewed or even tested to be uploaded into Alfresco. As an integral piece of business IT infrastructure, it is necessary for Alfresco to default on the side of caution and consider these scripts "not secure". And the kind of potential havoc you can cause by the access to the additional API exposed to "secure" scripts is nothing to be trivialized - you can basically circumvent a lot of the standard mechanisms that way if you are an experienced programmer.

Regards
Axel

kgeis
Champ on-the-rise
The problem, as I see it, is concern about malicious administrators. Also, there is no guarantee that classpath web scripts have been reviewed or tested before deployment either. I definitely agree that the default should be to assume that dynamic web scripts are not secure, but this is all contextual and depends on your business environment. In my case, we have a controlled environment, and the agility of dynamic web scripts outweighs security concerns. I overrode my RepoStore to convince Alfresco that it is secure. It would have been nice if I could have done this through configuration instead of code.
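The configuration-driven variant kgeis asks for, as an added example that is not code from this thread or from Alfresco: a RepoStore subclass whose isSecure() answer comes from a Spring property and defaults to false, so repository web scripts keep Alfresco's untrusted treatment (no runas) unless an administrator explicitly opts in. The class name, the "secure" property, the property key and the bean id in the comment are assumptions; only RepoStore and isSecure() come from the thread.

```java
// Added example, not Alfresco's own code. Assumes Alfresco's
// org.alfresco.repo.web.scripts.RepoStore (named in the thread) is wired as
// a Spring bean that a module can override. Class name, property name and
// bean/property ids below are hypothetical.
package example.webscripts;

import org.alfresco.repo.web.scripts.RepoStore;

/**
 * RepoStore whose isSecure() result is configured rather than hard-coded.
 *
 * Default is false, matching stock Alfresco: scripts stored in the repository
 * are treated as untrusted and the runas attribute is ignored for them.
 * Setting it to true grants repository-authored scripts the same elevated
 * API and runas behaviour as classpath scripts, so it belongs only in an
 * environment where every repository web script is reviewed like deployed code.
 */
public class ConfigurableRepoStore extends RepoStore {

    // Opt-in flag; keep the cautious default unless configuration says otherwise.
    private boolean secure = false;

    /** Spring setter, e.g. bound to ${webscripts.repostore.secure} (key assumed). */
    public void setSecure(boolean secure) {
        this.secure = secure;
    }

    @Override
    public boolean isSecure() {
        return secure;
    }
}

/*
 * Hypothetical Spring override in a module context file (bean id and parent
 * assumed; check web-scripts-application-context.xml for the real definition):
 *
 *   <bean id="webscripts.store" class="example.webscripts.ConfigurableRepoStore">
 *     <!-- copy the properties of the stock webscripts.store bean here -->
 *     <property name="secure" value="${webscripts.repostore.secure}"/>
 *   </bean>
 *
 * and in alfresco-global.properties (assumed key), leaving the default in place:
 *
 *   webscripts.repostore.secure=false
 */
```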

mrogers
Star Contributor
Agreed.

I don't think there's an easy solution here but I agree that a config option rather than code changes is better.

If you want Alfresco to be changed, please contribute your suggestion and patch file to JIRA along with any justification.