Scoping, filtering, security #10
Comments
Did you watch the ClojureWest talk? I touched on this a bit there, but didn't go into details. For read, the idea is to pass all transaction data through filters which embody the access control rules of the domain. The implementation of those filters can depend a bit on the specifics of the domain and rules granularity. But more or less, you need a function that either at the entity or datom level decides whether or not user x has access to datom/entity y, and decides which datoms to send to which clients based on that rule. For write, things are fairly similar; define some functions which test for whether or not a given transaction is permissible based on the submitting user and the domain's access control model. Then either run that test before transacting, or actually run the test in a transaction function if your access control model necessitates atomicity. The latter should probably be avoided when not necessary (and frequently I don't think it will be necessary), as it would put more work on the transactor (bottleneck). My plan is to focus on this stuff more once datview has gotten to be a bit more stable. Then we'll have some more prepackaged functionality and dataflow, but for now just inlining those checks before sending out or transacting data is the ticket. I know this is a pretty broad and general response, so let me know if you're already ahead of me, and whether there are more specific questions I can answer.
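The read-side datom filter and the pre-transaction write check described in the comment above, as an added example that is not code from datsys or datview: plain Clojure over constructed `[e a v tx added]` datom vectors, with the `:doc/owner` / `:doc/shared-with` attributes and the ownership rule assumed for illustration.

```clojure
(ns example.acl)

;; Constructed sample datoms in the [e a v tx added?] shape that both
;; Datomic and DataScript expose. Ownership/sharing attributes are assumed.
(def datoms
  [[1 :doc/title "Budget" 1000 true]
   [1 :doc/owner 10 1000 true]
   [1 :doc/shared-with 11 1000 true]
   [2 :doc/title "Diary" 1001 true]
   [2 :doc/owner 12 1001 true]])

(defn entity-readers
  "Entity-level rule: map entity id -> set of user ids allowed to read it
   (the owner plus anyone the entity is shared with)."
  [datoms]
  (reduce (fn [acc [e a v _ added]]
            (if (and added (#{:doc/owner :doc/shared-with} a))
              (update acc e (fnil conj #{}) v)
              acc))
          {} datoms))

(defn visible-datoms
  "Read-side filter: only the datoms user-id may receive. Run this over
   every batch of tx-data before it is pushed to that user's client."
  [user-id datoms]
  (let [readers (entity-readers datoms)]
    (filterv (fn [[e]] (contains? (get readers e #{}) user-id)) datoms)))

(defn tx-permitted?
  "Write-side check, run before transacting (outside a tx fn): every
   :db/add or :db/retract must target an entity the submitting user owns,
   or a new entity (string tempid) whose :doc/owner in the same tx is the
   submitting user. Anything else, including unknown ops, is rejected."
  [user-id datoms tx-data]
  (let [owners    (reduce (fn [acc [e a v _ added]]
                            (if (and added (= a :doc/owner)) (assoc acc e v) acc))
                          {} datoms)
        new-owner (into {} (for [[op e a v] tx-data
                                 :when (and (= op :db/add) (= a :doc/owner) (string? e))]
                             [e v]))]
    (every? (fn [[op e _ _]]
              (and (#{:db/add :db/retract} op)
                   (if (string? e)
                     (= user-id (get new-owner e))
                     (= user-id (get owners e)))))
            tx-data)))
```

With the sample data, `(visible-datoms 11 datoms)` yields only entity 1's datoms, and `(tx-permitted? 11 datoms [[:db/retract 1 :doc/shared-with 11]])` is false because user 11 is a reader, not the owner.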
Experimenting with doing something similar to the datsys architecture, but am having trouble working through some of the security concerns managing a datascript <-> datomic connection.
I did read this, but I don't feel like it answers all the questions. What are your thoughts on doing access control, permissions, etc. at both the write and read level? In other words, how do we prevent one client from executing a transaction they shouldn't, and how do we effectively scope responses being sent back down based off a query or as a reaction to a transaction?