[cosmo-dev] options to fix security hole

Randy Letness randy at osafoundation.org
Tue Feb 19 16:17:41 PST 2008


Mimi Yin wrote:
> + Could an item 'inherit' a new ticket from another read-write 
> collection? OR

That's currently what happens when an item is added to another 
collection, it essentially inherits the tickets from the collection.

> + Could the server selectively *not* delete tickets for items that are 
> also in other collections?

Tickets are issued on a collection basis currently.  So when a 
collection is deleted, the tickets are deleted, otherwise they would be 
in limbo.

> Currently, if we don't remove the item, what happens? Can anybody edit 
> the item?

Anyone with access to a collection that the item is in can edit the 
item.  So for instance:

1. I publish collection 1 with item A
2. You subscribe to collection 1 using ticket T1
3. You add A to your collection 2, and sync collection 2 (item A is now 
in collection 1 and collection 2)
4. I unpublish collection 1 (ticket T1 is removed because it was 
assigned on collection 1, item A is removed from collection 1 but still 
exists in collection 2)
5. You update item A using collection 2.
6. You can share item A using tickets generated from collection 2

That's currently the way it works, which is once you share an item and 
that item is added to other collections not owned by you, you 
essentially have no control over it.

An alternative approach would be:

1. I publish collection 1 with item A
2. You subscribe to collection 1 using ticket T1
3. You add A to your collection 2, and sync collection 2 (item A is now 
in collection 1 and collection 2)
4. I unpublish collection 1 (ticket T1 is removed because it was 
assigned on collection 1, item A is removed from collection 1 and 
collection 2 because T1 was used to add A to collection 2)

-Randy
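
The two step lists in the message above, modelled side by side as an added example (not part of the original message and not Cosmo's code). The `Server` and `Collection` classes, the ticket name T2, and the idea of recording which ticket was used to add each item are all assumptions made for illustration.

```python
# Constructed model of the sharing semantics described in the message.
# All class, method and ticket names here are hypothetical, not Cosmo's API.
from dataclasses import dataclass, field

@dataclass
class Collection:
    owner: str
    items: set = field(default_factory=set)
    tickets: set = field(default_factory=set)

class Server:
    def __init__(self, revoke_propagates):
        # False = behaviour described as current, True = the alternative
        self.revoke_propagates = revoke_propagates
        self.collections = {}
        self.added_via = {}  # (collection, item) -> ticket used to obtain item

    def publish(self, name, owner, items, ticket):
        self.collections[name] = Collection(owner, set(items), {ticket})

    def can_edit(self, ticket, item):
        # Anyone with access to a collection the item is in can edit the item.
        return any(ticket in c.tickets and item in c.items
                   for c in self.collections.values())

    def add_item(self, dest, item, via_ticket):
        if not self.can_edit(via_ticket, item):
            raise PermissionError("ticket does not grant access to item")
        self.collections[dest].items.add(item)
        self.added_via[(dest, item)] = via_ticket  # remember provenance

    def unpublish(self, name):
        # Tickets are issued per collection, so they go away with it.
        revoked = self.collections.pop(name).tickets
        if self.revoke_propagates:
            for (dest, item), ticket in list(self.added_via.items()):
                if ticket in revoked:
                    self.collections[dest].items.discard(item)
                    del self.added_via[(dest, item)]

def scenario(revoke_propagates):
    s = Server(revoke_propagates)
    s.publish("collection1", "me", {"A"}, "T1")      # step 1
    s.publish("collection2", "you", set(), "T2")     # subscriber's own collection
    s.add_item("collection2", "A", via_ticket="T1")  # steps 2-3
    s.unpublish("collection1")                       # step 4
    # (can A still be edited with T1?, can A be edited with collection 2's T2?)
    return s.can_edit("T1", "A"), s.can_edit("T2", "A")
```

`scenario(False)` returns `(False, True)`: T1 is gone but item A stays editable and shareable through collection 2. `scenario(True)` returns `(False, False)` because removing T1 also removes A from collection 2.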




