#7654 NORM Future : idmgr - needs to be split better and simplified
Zarro Boogs per Child
bugtracker at laptop.org
Sat Jul 26 02:02:13 EDT 2008
#7654: idmgr - needs to be split better and simplified
----------------------------+-----------------------------------------------
Reporter: martinlanghoff | Owner: martin.langhoff
Type: defect | Status: new
Priority: normal | Milestone: Future Release
Component: school server | Version: not specified
Keywords: | Next_action: never set
Verified: 0 | Blockedby:
Blocking: |
----------------------------+-----------------------------------------------
idmgr needs to be split for security reasons.
The goal is to have the XML-RPC part as a very simple mod_python handler
running in Apache. With this we remove the sec risk of having a Python
process running as root on a public port. And we get rid of the mem
pressure of an additional unshared python in memory.
The privileged part of the execution - user creation - needs to perform
all the input checks again. We can trigger it via sudo or an incrond watch
on a directory.
Other cleanups
- simplify configuration
- get rid of SQLAlchemy
- prepare it to use a separate Pg database
--
Ticket URL: <http://dev.laptop.org/ticket/7654>
One Laptop Per Child <http://laptop.org/>
OLPC bug tracking system
More information about the Bugs
mailing list