On Fri, 21 Aug 2015, denis wrote:
Hi Job
On 21/08/2015 02:32, Job Snijders wrote:
On Fri, Aug 21, 2015 at 01:58:46AM +0200, denis wrote:
When it was suggested to hide the password hash I thought that was a mistake. We should have hidden the whole MNTNER object from public view. Why does anyone outside of my organisation need to see anything in my MNTNER object? Why should you know if I use a password or PGP or whatever? This is my business not yours.
This seems to play into another thread, where someone had trouble retrieving the proper value of some "auth:" lines. It would be worth exploring how we can hide all "auth:" lines yet make them easily accessible to the owner.
Bear in mind that I have spent years thinking about some of these issues from many angles :) Sometimes a simple, quick fix is considered to be the appropriate course of action. I guess that is why we hid the password hashes. But in the end that proved to be not simple. Sometimes it is worth taking a step back and looking at a wider picture.
If you hide anything there has to be some method for the right people to see what is hidden. Once you start trying to hide significant parts of an object it may be easier to hide the whole object. And there can be additional benefits in that. Notifications are part of the security system within the database. Just as with the security tokens, there is no justifiable reason why the public should have any knowledge of who gets notified within my organisation when data is changed or some attempt is made.
If the whole MNTNER object is hidden it can be shown to authenticated users by an update with a pseudo attribute. Just as with a "dryrun:", if we have another pseudo attribute "show:" then instead of doing an update the full, current object is returned if the authorisation is valid. This will work with any of the authorisation tokens in the object.
Something like that, yes. I agree that it might not be necessary for the whole world to know the exact persons listed in a maintainer object, as long as it is not hidden for those authorized.

Cheers,
Daniel

_________________________________________________________________________________
Daniel Stolpe    Tel: 08 - 688 11 81     stolpe@resilans.se
Resilans AB      Fax: 08 - 55 00 21 63   http://www.resilans.se/
Box 45 094                               556741-1193
104 30 Stockholm