[cosmo-dev] options to fix security hole
Mimi Yin
mimi at osafoundation.org
Tue Feb 19 15:16:51 PST 2008
Hi Randy,
On the Desktop, even when someone removes a shared collection from
the server, the Desktop doesn't delete the collection / items
locally. The collection simply no longer syncs. If there are items in
that collection that also belong in other collections that *are*
still syncing, then my assumption is that those items continue to
live in those 'other' collections locally and on the server and
continue syncing. Grant? Jeffrey?
I understand that to simulate this behavior on the web UI would
require a lot of work. However, I'm wondering if we can tackle a
subset of that behavior.
Currently, when you delete collections in the Desktop, we don't
delete items that have been manually added to other collections.
Is it feasible to follow that model on the server?
Mimi
On Feb 15, 2008, at 1:33 PM, Randy Letness wrote:
> How important is it to be able to revoke write access to items
> shared via a read-write ticket? I ask because this gets tricky
> with items in multiple collections. My original thinking was to
> store the read-write ticket used to add an existing item to another
> collection with the item<-->collection relationship. That way
> there would be a way to "revoke" write access to an item shared
> this way, because we would know all collections that the item was
> added to using that ticket and we could remove that item from those
> collections.
> But what happens when a collection is removed from the server
> (unpublished)? In this case, all tickets are removed, so what
> should happen to the items that were added to other collections
> using these tickets? Should these items be removed from those
> collections?
>
> Example:
>
> 1. Randy creates item "Rock Band Party", adds it to his collection
> "parties"
> 2. Randy shares collection "parties" using read-write ticket T1 to
> Travis
> 3. Travis subscribes to "parties" using ticket T1, adds item "Rock
> Band Party" to his collection "tvachon"
> 4. Travis syncs his collection "tvachon", and the desktop client
> includes ticket T1 in the update request, which allows item "Rock
> Band Party" to be added to collection "tvachon" read-write
> 5. Randy unpublishes his collection "rletness", removing the
> collection and ticket T1 from the server
>
> In this case, should the shared item "Rock Band Party" be removed
> from the "tvachon" collection because it was originally added using
> the no-longer valid ticket T1? Or should it stick around in
> "tvachon" even though the ticket used to originally add it isn't
> valid?
>
> My thinking is that if you share items using a collection ticket,
> and that collection ticket is no longer valid (removed from
> server), then it seems like any items added to other collections
> using that ticket should be removed from those collections. But,
> that may not be what everyone else thinks.
>
> -Randy
>
> _______________________________________________
> cosmo-dev mailing list
> cosmo-dev at lists.osafoundation.org
> http://lists.osafoundation.org/mailman/listinfo/cosmo-dev
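To make the two positions in this thread concrete, here is a small Python model added for this archive page; it is not Cosmo's code, and the class and method names (`Server`, `Membership`, `revoke_ticket`, `unpublish`) are assumptions chosen for illustration. It records the ticket used to create each item-to-collection link, as Randy's original thinking describes, so that revoking the ticket or unpublishing the collection can either drop those links (Randy's proposal) or leave them in place (Mimi's proposal), while links an owner made directly are never affected. `run_scenario` replays the five steps of the example, with the shared collection named "parties" throughout.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass(frozen=True)
class Membership:
    """One item<->collection link, remembering which ticket (if any) created it."""
    item: str
    ticket: Optional[str]  # None when the collection owner added the item directly


class Server:
    """Constructed toy model of collections, items and read-write tickets.
    Not Cosmo's data model; the names and methods are assumptions for illustration."""

    def __init__(self) -> None:
        self.collections: Dict[str, Set[Membership]] = {}
        self.tickets: Dict[str, str] = {}  # ticket id -> collection it grants access to

    def create_collection(self, name: str) -> None:
        self.collections[name] = set()

    def share(self, collection: str, ticket: str) -> None:
        """Publish a read-write ticket for a collection."""
        self.tickets[ticket] = collection

    def items_in(self, collection: str) -> Set[str]:
        return {m.item for m in self.collections.get(collection, set())}

    def add_item(self, collection: str, item: str, ticket: Optional[str] = None) -> None:
        """Add an item to a collection. Without a ticket the caller is treated as the
        owner; with a ticket, the item must already live in the collection the ticket
        grants, which is the check a sync request carrying the ticket has to pass."""
        if ticket is not None:
            granted = self.tickets.get(ticket)
            if granted is None or item not in self.items_in(granted):
                raise PermissionError(f"ticket {ticket} does not grant access to {item!r}")
        self.collections[collection].add(Membership(item, ticket))

    def revoke_ticket(self, ticket: str, remove_dependents: bool) -> int:
        """Invalidate a ticket. With remove_dependents, every membership created with
        it is dropped from the other collections (Randy's proposal); without it, those
        memberships survive (Mimi's proposal). Returns the number of memberships
        removed. Memberships an owner added directly are never touched."""
        self.tickets.pop(ticket, None)
        if not remove_dependents:
            return 0
        removed = 0
        for members in self.collections.values():
            stale = {m for m in members if m.ticket == ticket}
            removed += len(stale)
            members -= stale  # prune the set in place
        return removed

    def unpublish(self, collection: str, remove_dependents: bool) -> int:
        """Remove a collection and every ticket issued for it (step 5 of the example)."""
        removed = 0
        for ticket in [t for t, c in self.tickets.items() if c == collection]:
            removed += self.revoke_ticket(ticket, remove_dependents)
        del self.collections[collection]
        return removed


def run_scenario(remove_dependents: bool) -> Set[str]:
    """Replay the thread's five steps and return what is left in 'tvachon'."""
    s = Server()
    s.create_collection("parties")
    s.create_collection("tvachon")
    s.add_item("parties", "Rock Band Party")                # 1: owner adds directly
    s.share("parties", "T1")                                # 2: read-write ticket T1
    s.add_item("tvachon", "Rock Band Party", ticket="T1")   # 3/4: added via T1
    s.add_item("tvachon", "Travis's own item")              # Travis's own item, no ticket
    s.unpublish("parties", remove_dependents)               # 5: collection and T1 removed
    return s.items_in("tvachon")


if __name__ == "__main__":
    print("remove dependents:", sorted(run_scenario(True)))
    print("keep dependents:  ", sorted(run_scenario(False)))
```

Either policy leaves Travis's own item alone; the only difference is whether "Rock Band Party" survives the loss of T1. Whichever policy is chosen, storing the ticket on the link is what makes the choice enforceable later: once T1 is gone, `add_item` also refuses any further additions that cite it.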