
Re: No more Bugzilla for me



On Wed, Apr 22, 2009 at 7:22 PM, Carwyn Edwards <carwyn carwyn com> wrote:


2009/4/22 Emmanuel Seyman <emmanuel seyman club-internet fr>


The Bugzilla used by Fedora contains sensitive information (i.e.,
restricted to certain accounts). Thus, we need strong passwords
on the accounts.

Actually, it's only those certain accounts that need strong passwords; as long as the application itself is secure, the only passwords that are dangerous are the ones that belong to the users with high security accounts.

The problem here really is that there's no group-based separation of auth policy.

Strong passwords don't really help verify identity for relatively unknown persons anyway. So what if you can prove I know my password. You still have no idea who I am.

This is a case of using a sledgehammer to crack a nut. The authenticity of most bugzilla.redhat users means very little; it actually means more to the end user than the service provider. This approach seems to have affected many more users than it really needed to and probably reduced the overall security of those "special" accounts by putting them in the same bucket as everyone else.

Using something like SPNEGO with HTTP Negotiate (which many browsers now support) for the elevated accounts might be better. Add an "elevate privs" link, tie that to a trust level inside bugzilla and you're done. Possibly even more secure as the super privs are only used when needed, not when trawling the standard cruft (think sudo for bugzilla).

Admittedly, from an implementation point of view, what's been done is a lot simpler ;-)




--
fedora-devel-list mailing list
fedora-devel-list redhat com
https://www.redhat.com/mailman/listinfo/fedora-devel-list


Why not secure the actual authentication process with a crypto scheme, such as AES or Diffie-Hellman? Better yet, if Fedora does move off of the Red Hat Bugzilla, maybe we could use something else for bug tracking that does support these schemes, because Bugzilla is very, very slow most of the time I try to use it.

However, if you really want to be paranoid, why not require Yubikey OTPs for people using the bugzilla :P j/k
