More thoughts on securing series
gerv at mozilla.org
Mon May 24 23:18:23 UTC 2004
Joel and I just had a chat about securing charts. I won't do a timeless
and just quote the entire IRC log, leaving you to figure out what was
said ;-); here's an edited summary.
Basically, joel suggested a bunch of stuff (including some things which
have been proposed on the list) and I said what problems each idea had :-)
Further comments very welcome. I am willing to carve out time to fix
this properly, if Dave is willing to wait a few days for me to do so,
and help tighten up the review cycle for the patch.
Gerv: The problem with "release now with no migration, and migrate
later" is that if we migrate at the start, it's guaranteed to succeed
(no name clashes). If we migrate later, we have to deal with the issue
that the users may have created a series with a name we want to use.
Also, a non-zero number of installations on the 2.17 branch will have
joel: True. We just went through the same issue with adding a new system
joel: Though I think we place too much importance on the names as a key
- which doesn't survive renames. If we are going to have the permissions
follow those of a product, I would have a reference to the product's ID
in the tables, but show the products name in the UI.
Gerv: But not all series are related to products. That's the point - the
names are totally arbitrary. [This is one of the big improvements over
the previous version.]
joel: If we want to name something after a product and that would have
caused a collision, prepend/append a character to make it unique.
Gerv: But that's really nasty. What happens if some series clash for a
particular product, but others don't? Sorting the mess out for an admin
would be a nightmare, particularly as they don't see private series. (It
would make their UI unmanageable.)
joel: I'd lean towards having the feature require enabling by the
adminustrator and default to "off", that way we don't make anyone leak
unless they are aware of the need to secure things.
Gerv: We could do that, i.e. migrate the lot and have a special group
for access, but that presents its own migration issues. For example, if
we later implement group-based security, how do we retroactively apply
it to all existing series? We can't make an admin do that by hand. There
are hundreds of them. We could make a hacky "guessing" algorithm which
tries to match product names to series categories, but I don't like that
joel: We definitely should keep track of the product id when we
auto-migrate or auto-create and think hard about the defaults.
Gerv: But that makes some series special. What happens if we implement
series editing, and the series changes to something else? It's already
complicated enough :-) The only good answer is to fix this right.
More information about the developers