launchpad-dev team mailing list archive
Message #03665
Re: Fwd: [Fwd: Quickly and Launchpad]
On 25 June 2010 16:16, William Grant <wgrant@xxxxxxxxxx> wrote:
> The code of the basic write implementation is simple. However,
> difficulty arises when we consider that normal API applications probably
> shouldn't be able to touch other authentication tokens. It is intended
> that one should be able to stop a rogue application by simply revoking
> its OAuth token; if applications were permitted to add new SSH and
> OpenPGP keys, they could add backdoors that would not be closed using
> normal means.
Interesting point. And yet, if the upshot is that these programs
simulate a browser instead, it becomes a bit like security through
complication. You won't stop genuinely malicious apps this way, and
by making it more complex you may increase the risk of things
accidentally causing trouble. (For example someone is unlikely to
call addGPGKey accidentally, but it's plausible they might
accidentally scribble over something when pretending to be a browser.)

One thing we could do is send mail to the user's old address when a
gpg or ssh key or email address is added.

We could have a separate OAuth privilege for "allowed to change account data".
--
Martin
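
The two mitigations proposed in this message (a separate OAuth privilege for account data, and mail to the existing address when a key or address is added), sketched as an added example that is not Launchpad code. The scope names, classes and functions are hypothetical, and the outbox list stands in for a mailer.

```python
from dataclasses import dataclass, field

# Hypothetical scope names; the thread does not show Launchpad's real access levels.
WRITE = "write"
CHANGE_ACCOUNT_DATA = "change_account_data"


class PermissionDenied(Exception):
    pass


@dataclass
class Account:
    emails: list
    ssh_keys: list = field(default_factory=list)
    outbox: list = field(default_factory=list)  # (recipient, message) pairs


@dataclass
class Token:
    consumer: str
    scopes: frozenset
    revoked: bool = False


def _add_credential(account, token, kind, value):
    if token.revoked:
        raise PermissionDenied("token revoked")
    # Added credentials outlive the token, so ordinary write access is not enough.
    if CHANGE_ACCOUNT_DATA not in token.scopes:
        raise PermissionDenied(f"{token.consumer} may not add {kind}")
    # Snapshot recipients first: a newly added address must not be the only one told.
    recipients = list(account.emails)
    if kind == "email":
        account.emails.append(value)
    else:
        account.ssh_keys.append(value)
    for addr in recipients:
        account.outbox.append((addr, f"{kind} added via {token.consumer}: {value}"))


def add_ssh_key(account, token, key):
    _add_credential(account, token, "ssh key", key)


def add_email(account, token, address):
    _add_credential(account, token, "email", address)
```

Revoking the token afterwards stops further calls but leaves any key it added in place, which is why the check and the notification both happen at the time of the change.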