-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add CSRF protection capabilities #90
Comments
Implementation planningWe need
Idea:
|
Could a central IntelMQ component (such as the API) act as a authentication provider/proxy? |
We probably should harmonise them if we can. (There was an issue once where I asked to give recommendations about how to build IntelMQ webinterfaces.) Could a central IntelMQ component become an authentication provider/proxy? Yes, probably could. |
Hi, I don't think we gain a lot when having a central IntelMQ authentication provider, but it would add a lot of complexity. Also, that component would be a single point of failure- given that, IIUC, |
@schacht-certat yes, this is the drawback I was thinking of. However if fody and Intelmq manager are both used by a number of users, it does not make sense to have two completely different user account databases. |
Yes, I think it would be cool if both could access the same userdb! But I think implementing an authentication proxy/provider in IntelMQ would be overkill. The authentication portion of the session handling is basically only one method, that checks username/password and can easily be extended to pass those on to some external authentication provider (LDAP, some SSO... - a Postgres DB would already allow that). I'm just not sure how to best harmonize the DB backends in |
When trying to serve many requests quickly, each request has to be checked for authorisation. So there needs to be a backchannel for all serving workers to know which client is currently authorized. But this does not need to be a database, it could be a signed token like JSON Web Token (JWT). In the new IntelMQ Manager we tried to use a shared database, but found out that this is difficult to do fast with Apache's mod_wsgi and the two sqlite Python adapters we've tried. From this I think that using a JWT approach would be slightly better as it avoids this problem and I'd try it first. This would mean: no database necessary for the session information, just a shared secret (or a public key) for all workers. |
The quickest path to a working solution is to lift as many code as possible from https://github.com/certtools/intelmq-api for fody-backend. And easiest would be to just require intelmq-api as module and then import session or so. Later intelmq-api could be extended to provide postgresl support for the session database as a variant, for the installations that use the postgresql output bot anyway. |
Similar to certtools/intelmq-manager#111
the SPA should offer the possibility to log into the backend and use secure cookies
or request headers to protect against CSRF.
Right now the example configuration for apache only has Basic-Auth. So the current operational recommendation is to only use a browser for IntelMQ Fody and Manager that cannot access other sides. Or organise a better authentification protecting against this using the web server or proxies.
Implementation considerations
If certtools/intelmq-manager#111 is done, the experiences can be used to implement this for fody as well.
The text was updated successfully, but these errors were encountered: