Hi job On 21/08/2015 02:32, Job Snijders wrote:
On Fri, Aug 21, 2015 at 01:58:46AM +0200, denis wrote:
When it was suggested to hide the password hash I thought that was a mistake. We should have hidden the whole MNTNER object from public view. Why does anyone outside of my organisation need to see anything in my MNTNER object? Why should you know if I use a password or PGP or whatever? This is my business not yours.
This seems to play into another thread, where someone had trouble retrieving the proper value of some "auth:" lines. It would be worth exploring how we can hide all "auth:" lines yet make them easily accessible to the owner.
Bear in mind that I have spent years thinking about some of these issues from many angles :) Sometimes a simple, quick fix is considered to be the appropriate course of action. I guess that is why we hid the password hashes. But in the end that proved to be not simple. Sometimes it is worth taking a step back and looking at a wider picture. If you hide anything there has to be some method for the right people to see what is hidden. Once you start trying to hide significant parts of an object it may be easier to hide the whole object. And there can be additional benefits in that. Notifications are part of the security system within the database. Just as with the security tokens, there is no justifiable reason why the public should have any knowledge of who gets notified within my organisation when data is changed or some attempt is made. If the whole MNTNER object is hidden it can be shown to authenticated users by an update with a pseudo attribute. Just as with a "dryrun:", if we have another pseudo attribute "show:" then instead of doing an update the full, current object is returned if the authorisation is valid. This will work with any of the authorisation tokens in the object. cheers denis
Kind regards,
Job