PROJECTS: qua-server
CHANGESET: Yesod sessions, authorization, websockets, database, conduit
DESCRIPTION:
LuciProxy redirects luci protocol from websockets to TCP in our local network. This allows qua-view as JavaScript client communicate with helen and her services as if being a normal TCP client.
Currently, LuciProxy just forwards everything it sees from client to server and back, which is not secure at all. I propose to change its behavior to parse all the messages and filter run messages according to service names and user privileges. An easy way is to keep an access list for different user groups/roles.
According to my current understanding, a possible solution consists of following steps:
- Create a new tables representing user groups (we need many users <-> many groups). This can be done in
config/models
- Design groups and rules of how to assign users to groups (manually and automatically)
- Adapt
LuciProxy to parse messages and filter the ones not allowed for a given user.
PROJECTS: qua-server
CHANGESET: Yesod sessions, authorization, websockets, database, conduit
DESCRIPTION:
LuciProxyredirects luci protocol from websockets to TCP in our local network. This allowsqua-viewas JavaScript client communicate withhelenand her services as if being a normal TCP client.Currently,
LuciProxyjust forwards everything it sees from client to server and back, which is not secure at all. I propose to change its behavior to parse all the messages and filterrunmessages according to service names and user privileges. An easy way is to keep an access list for different user groups/roles.According to my current understanding, a possible solution consists of following steps:
config/modelsLuciProxyto parse messages and filter the ones not allowed for a given user.