launchpad-dev team mailing list archive

Re: Fwd: [Fwd: Quickly and Launchpad]

 

On Friday, 25 June 2010 at 16:34 +1000, William Grant wrote:
> On Fri, 2010-06-25 at 08:28 +0200, Didier Roche wrote:
> > On Friday, 25 June 2010 at 16:16 +1000, William Grant wrote:
> > > The code of the basic write implementation is simple. However,
> > > difficulty arises when we consider that normal API applications probably
> > > shouldn't be able to touch other authentication tokens. It is intended
> > > that one should be able to stop a rogue application by simply revoking
> > > its OAuth token; if applications were permitted to add new SSH and
> > > OpenPGP keys, they could add backdoors that would not be closed using
> > > normal means.
> > > 
> > 
> > My point is that people are already able to do that with
> > screen scraping (see GroundControl for instance), I don't really
> > understand why exposing those to the API is more or less a security issue
> > there when people click on "change everything".
> > Or do you mean that making gpg or ssh keys writable through the API is
> > opening another backdoor that the site itself doesn't enable?
> 
> If I give an application my SSO email address and password, I expect
> them to be able to do anything at all. But applications aren't meant to
> request that information -- one reason is that it's a lot harder to
> revoke access granted that way, and those credentials have access to a
> lot more than just Launchpad. OAuth is meant to be a solution to this.
> 
> I think perhaps an additional access mode which permits alteration of
> authentication tokens could work. We already need more flexibility in
> that area.
> 

Here is what GC does:
it opens a browser window embedded in a webkit widget to get the
credential and cookie. I think from the user's point of view, they don't see
the difference from regular Launchpad applications that use
the API to open the request in a real web browser window. Hence my remark on
the fact that it's not real security.

Well, I'm still puzzled and don't know what to do for Quickly: again, if
I can work with you guys to have the "good way", like done with jml on
gpg/ssh access last cycle, I'm all in favor for that. I just realized
last cycle that hacking on LP was time consuming and quite hard when you
don't know the rationale :)

Didier
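
An added illustration, not part of the original message and not Launchpad code: a minimal model of the concern raised in this thread, showing what still grants access after a token is revoked when any write token may add SSH keys, compared with a separate access mode for credential changes. The class, mode and token names and the sample key are all hypothetical.

```python
from dataclasses import dataclass, field
from enum import Enum, auto


class Access(Enum):
    # Hypothetical access modes for this sketch, not Launchpad's real ones.
    WRITE = auto()               # ordinary API writes
    MANAGE_CREDENTIALS = auto()  # may alter SSH/OpenPGP keys


class Denied(Exception):
    pass


@dataclass
class Account:
    tokens: dict = field(default_factory=dict)    # token id -> set of Access
    ssh_keys: list = field(default_factory=list)  # keys accepted for login

    def grant(self, token, *modes):
        self.tokens[token] = set(modes)

    def revoke(self, token):
        # Revocation only removes the token; it does not touch ssh_keys.
        self.tokens.pop(token, None)

    def add_ssh_key(self, token, key, separate_mode):
        modes = self.tokens.get(token)
        if modes is None:
            raise Denied("unknown or revoked token")
        # separate_mode=False: any write token may add keys.
        # separate_mode=True: key changes need the dedicated access mode.
        needed = Access.MANAGE_CREDENTIALS if separate_mode else Access.WRITE
        if needed not in modes:
            raise Denied(f"token lacks {needed.name}")
        self.ssh_keys.append(key)


CONSTRUCTED_KEY = "ssh-ed25519 AAAA-constructed-sample app@example"


def keys_left_after_revoke(separate_mode):
    """An app with a plain WRITE token tries to add a key, then is revoked."""
    account = Account()
    account.grant("app-token", Access.WRITE)
    try:
        account.add_ssh_key("app-token", CONSTRUCTED_KEY, separate_mode)
    except Denied:
        pass
    account.revoke("app-token")
    return account.ssh_keys  # whatever still grants access after revocation
```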




