No more Bugzilla for me

Carwyn Edwards carwyn at carwyn.com
Thu Apr 23 00:22:32 UTC 2009


2009/4/22 Emmanuel Seyman <emmanuel.seyman at club-internet.fr>

>
> The Bugzilla used by Fedora contains sensitive information (i.e.,
> restricted to certain accounts). Thus, we need strong passwords
> on the accounts.


Actually, it's only those certain accounts that need strong passwords; as
long as the application itself is secure, the only passwords that are
dangerous are the ones that belong to the users with high-security accounts.

The problem here really is that there's no group based separation of auth
policy.

Strong passwords don't really help verify identity for relatively unknown
persons anyway. So what if you can prove I know my password. You still have
no idea who I am.

This is a case of using a sledgehammer to crack a nut. The authenticity of
most bugzilla.redhat users means very little, it actually means more to the
end user than the service provider. This approach seems to have affected
many more users than it really needed to and probably reduced the overall
security of those "special" accounts by putting them in the same bucket as
everyone else.

Using something like SPNEGO with HTTP Negotiate (which many browsers now
support) for the elevated accounts might be better. Add an "elevate privs"
link, tie that to a trust level inside bugzilla and you're done. Possibly
even more secure as the super privs are only used when needed, not when
trawling the standard cruft (think sudo for bugzilla).

Admittedly, from an implementation point of view, what's been done is a lot
simpler ;-)
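As an added illustration (not code from this thread or from Bugzilla), here is a toy Python model of the two ideas above: auth policy decided per group, and a sudo-style elevation that is granted after a successful HTTP Negotiate exchange and expires after a short time. The group names, policy values, action names and TTL are invented for the example.

```python
"""Toy model of the step-up ("sudo for Bugzilla") scheme sketched in the mail.
Hypothetical code: the group names, policy table and action names are
invented for illustration and are not part of Bugzilla."""
from dataclasses import dataclass

ELEVATION_TTL = 300  # seconds an elevation stays valid, like sudo's timestamp

# Auth policy is decided per group rather than for every account alike.
POLICY = {
    "reporter": {"min_password_len": 8,  "step_up": False, "actions": set()},
    "triage":   {"min_password_len": 12, "step_up": True,
                 "actions": {"view_restricted_bug"}},
    "admin":    {"min_password_len": 16, "step_up": True,
                 "actions": {"view_restricted_bug", "edit_groups"}},
}
PRIVILEGED_ACTIONS = {"view_restricted_bug", "edit_groups"}


@dataclass
class Session:
    user: str
    group: str
    elevated_until: float = 0.0  # 0 means the session has never elevated


def password_acceptable(group: str, password: str) -> bool:
    """Minimum length follows the group's policy, not a site-wide rule."""
    return len(password) >= POLICY[group]["min_password_len"]


def elevate(session: Session, negotiate_ok: bool, now: float) -> bool:
    """Grant a time-limited elevation after a successful HTTP Negotiate
    (SPNEGO) exchange. The Kerberos verification itself is assumed to have
    happened upstream and is reduced to a boolean here."""
    if not negotiate_ok or not POLICY[session.group]["step_up"]:
        return False
    session.elevated_until = now + ELEVATION_TTL
    return True


def authorize(session: Session, action: str, now: float) -> bool:
    """Ordinary actions need only the base session; privileged ones need
    group membership *and* a still-valid elevation."""
    if action not in PRIVILEGED_ACTIONS:
        return True  # trawling the standard cruft needs no elevation
    policy = POLICY[session.group]
    if action not in policy["actions"]:
        return False  # the group never holds this privilege
    if policy["step_up"] and now >= session.elevated_until:
        return False  # privilege exists but is not currently elevated
    return True
```

The effect is that a weak or leaked password on a plain reporter account never unlocks restricted data, while a triage or admin account only carries its extra rights during a short window after it re-authenticates.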