launchpad-dev team mailing list archive

Thread
Date

Can we get rid of per-script table permissions

To: Stuart Bishop <stuart.bishop@xxxxxxxxxxxxx>
From: "Francis J. Lacoste" <francis.lacoste@xxxxxxxxxxxxx>
Date: Tue, 06 Dec 2011 14:41:48 -0500
Cc: Launchpad Development List <launchpad-dev@xxxxxxxxxxxxxxxxxxx>
Organization: Canonical
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20111124 Thunderbird/8.0

Hi Stuart,

Can we get rid of per-script table permissions? Is there a significant
benefit to this policy in terms of isolation. The bulk of our code runs
in the app server with almost unlimited access to the DB.

There are significant costs to maintaining that policy:

- In the sample of my critical analysis, DB permission errors were 6% of
the critical bugs.
- Just in the last weeks, we had DB permission problems occured 2 or 3
times.
- We have several tests that only purpose is to create complex enough
hierarchy of object to ensure that the script still runs without
permission error.
- We could probably simplify the deployment (since we'd only need to
create and remove users, not permission group.)

So I think to put up with such costs, the benefits have to be clear. And
as I understand it currently, I don't think that's the case.

On the other hand, I think maintaining the one-user per script policy is
great for an auditing purpose, and doesn't cost us much to keep.

Cheers

-- 
Francis J. Lacoste
francis.lacoste@xxxxxxxxxxxxx

Attachment: signature.asc
Description: OpenPGP digital signature

Follow ups

Re: Can we get rid of per-script table permissions
From: Julian Edwards, 2011-12-07
Re: Can we get rid of per-script table permissions
From: Gary Poster, 2011-12-06