| === Guest52828 is now known as StevenK | | |
|---|---|---|
| stub | wgrant: So I was wondering if it isn't so much for security, but to ensure requests are not accidentally processed twice, e.g. when a client retries a request unnecessarily. I don't think we need to care about that, as our calls are idempotent? | 06:46 |
| stub | wgrant: The person to ask about the security side would be the security team, since they spend all their time thinking about this stuff. | 06:46 |
| wgrant | stub: If it was to avoid accidental double-processing it wouldn't apply to GETs. | 06:51 |
| stub | wgrant: OAuth doesn't dictate that GETs are idempotent, does it? That is just sanity, not the spec. | 06:52 |
| wgrant | stub: The OAuth spec says that nonces and timestamps aren't used for PLAINTEXT. | 06:52 |
| wgrant | So it would have to be local, non-RFC reasoning | 06:52 |
| wgrant | And our GETs are idempotent. | 06:52 |
| stub | yeah, anyway, that is the best I can come up with. | 06:53 |
| wgrant | Hmm | 06:54 |
| wgrant | Oh | 06:54 |
| wgrant | I guess some people still had that "wouldn't it be great if we let everyone not use TLS" braindeadness back then. | 06:54 |
| wgrant | So perhaps they envisaged non-PLAINTEXT signatures in the future. | 06:55 |
| wgrant | But it's not 1997, so that's not a concern any more. | 06:56 |
| stub | -According to the oauth specification <http://oauth.net/core/1.0/#nonce>, for a | 07:02 |
| stub | 181-given client, an application should not accept a timestamp older than the most | 07:02 |
| stub | 182-recent timestamp received. | 07:02 |
| stub | That is an interesting property that we lose | 07:02 |
| stub | Only reduces the window from a security pov. I guess clients don't really care - if they resend requests, it is by choice. | 07:04 |
| wgrant | stub: We always left a more liberal window anyway | 07:05 |
| wgrant | A full minute, in fact | 07:06 |
| wgrant | So unless a client is buggily retrying requests more than a minute later, nothing changes. | 07:06 |
| stub | wgrant: Go for it from my POV. Maybe run it by the security team to see if they have any rationale for keeping it. | 07:12 |
| wgrant | stub: Thanks. | 07:14 |
| === Ursinha is now known as Ursinha-afk | ||
| === Ursinha-afk is now known as Ursinha | ||
| wgrant | cprov__: https://code.launchpad.net/~wgrant/launchpad/bug-1201984/+merge/225011 | 14:14 |
| cprov__ | wgrant: on it | 14:16 |
| === cprov__ is now known as cprov | ||
| cprov | wgrant: are you sure is_enabled is equivalent to lp.Append in this context? | 14:21 |
| cprov | wgrant: I mean, won't we list PPA alternatives to which the user cannot upload (an exception will be raised, I presume)? | 14:22 |
| wgrant | cprov: It doesn't have to be exactly equivalent. getPPAsForUser just has to approximate it; the permission check is done properly later and the copy will be rejected. | 14:23 |
| wgrant | The permission check could also fail today, eg. if the permission was revoked between the request and the running of the job. | 14:24 |
| cprov | wgrant: true, the permission check is delegated to the job itself. | 14:24 |
| cprov | wgrant: I think users are already used to checking copy results in the destination PPA, but that will certainly make it more important. | 14:31 |
| wgrant | They can fail for heaps of different reasons. | 14:34 |
| wgrant | This is a pretty rare one. | 14:34 |
| wgrant | Thanks. | 14:34 |
| === tasdomas` is now known as tasdomas | ||
| === Ursinha is now known as Ursinha-afk | ||
| === Ursinha-afk is now known as Ursinha | ||