You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Nicolas Peltier (Jira)" <ji...@apache.org> on 2020/08/06 07:04:00 UTC
[jira] [Comment Edited] (SLING-9556) add pipes execution through a
simple text POST
[ https://issues.apache.org/jira/browse/SLING-9556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17172068#comment-17172068 ]
Nicolas Peltier edited comment on SLING-9556 at 8/6/20, 7:03 AM:
-----------------------------------------------------------------
[~enorman] [~olli] first of all, your concerns prove that first security layer of pipes that was its complexity starts to fade out which is a good news ;)
1. Then i have to admit i have difficulties picturing the "bad guy" scenario here, as in those cases you will always run a pipe's action with the resolver of the pipe requester. That is if your user has privileges to do bad actions A & B in the whole repository, pipe will "just" make it more efficient, however it's not its role imho to add a layer of security.
2. Second to kick things off you need those {{slingPipes/plumber}} or {{slingPipes/exec}} resources to POST to. Of course, if your user has write access somewhere on the repository, he can create that node, and then post there. He then needs write access described in 1. but again i would fix the fact that user has that POST access in the first place, right?
Finally i don't want to play it smart here as my bad guy imagination has its limits beyond which some people can go, and i'll add a simple check in SLING-9644. [~olli] what about just checking current resolver can read a configured path in the repository?
was (Author: npeltier):
[~enorman] [~olli] first of all, your concerns prove that first security layer of pipes that was its complexity starts to fade out which is a good news ;)
1. Then i have to admit i have difficulties picturing the "bad guy" scenario here, as in those cases you will always run a pipe's action with the resolver of the pipe requester. That is if your user has privileges to do bad actions A & B in the whole repository, pipe will "just" make it more efficient, however it's not its role imho to add a layer of security.
2. Second to kick things off you need those {{slingPipes/plumber}} or {{slingPipes/exec}} resources to POST to. Of course, if your user has write access somewhere on the repository, he can create that node, and then post there. He then needs write access described in 1. but again i would fix the fact that user has that POST access in the first place, right?
Finally i don't want to play it smart here as my bad guy imagination has its limits beyond which some people can go, and i'll add a simple check. [~olli] what about just checking current resolver can read a configured path in the repository?
> add pipes execution through a simple text POST
> ----------------------------------------------
>
> Key: SLING-9556
> URL: https://issues.apache.org/jira/browse/SLING-9556
> Project: Sling
> Issue Type: Improvement
> Components: Extensions
> Affects Versions: Pipes 4.0.0
> Reporter: Nicolas Peltier
> Assignee: Nicolas Peltier
> Priority: Major
> Fix For: Pipes 4.0.0
>
>
> problem with configuration of most pipes is JCR serialization is difficult to read/maintain (basic XML maintenance issue).
> Since it can be executed through gogo commands, the pipe could also simply be some piped command in a text file that would be posted to the plumber, using same pipebuilder functionality (see https://github.com/apache/sling-org-apache-sling-pipes/blob/master/src/main/java/org/apache/sling/pipes/internal/GogoCommands.java#L81)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)