[Mulgara-dev] Backup and Export security
Alex Hall
alexhall at revelytix.com
Thu Jun 26 14:37:32 UTC 2008
Over the course of implementing the export operation, I've noticed that
neither the backup nor export operation evaluates SecurityAdapters when
executing the operation. Clearly this is a gaping security hole. The
DatabaseOperationContext has a resolve(Constraint) method that evaluates
security handlers, which would be useful for securing the export
operation. However, this method is exposed via the SessionView
interface as opposed to the OperationContext interface that is handed to
the database operations. Would anybody have an objection to adding
resolve(Constraint) to OperationContext?
For securing the backup operation, there exists a canBackup() method on
the SecurityAdapter interface, but as far as I can tell it is never
actually invoked. Is there a technical reason for this, or is it just
an oversight?
Regards,
Alex
More information about the Mulgara-dev
mailing list