Task #3202 (closed)
Prevent use of changeUserPassword without admin password
| Reported by: | jamoore | Owned by: | atarkowska |
|---|---|---|---|
| Priority: | critical | Milestone: | OMERO-Beta4.3 |
| Component: | Documentation | Version: | n.a. |
| Keywords: | n.a. | Cc: | atarkowska, wmoore, jburel, bwzloranger, saloynton |
| Resources: | n.a. | Referenced By: | n.a. |
| References: | n.a. | Remaining Time: | 0.0d |
| Sprint: | 2011-05-19 (12) |
Description (last modified by jmoore)
See #3201
Confirm the valid scenario:
Otherwise an attacker could:
sniff a session uuid from the wire (which will eventually timeout)
login with the session uuid
call changePassword
start creating new sessions with the new password
I realize that in the web scenario N-1 of the workers will have been authenticated with a session uuid, so if you receive a SecurityViolation? you will need to re-authenticate, or create a temporary SSL-based omero.client with the real password.
NB: This is a follow-on to #3201
Change History (25)
comment:1 Changed 13 years ago by jburel
- Cc bwzloranger added
- Component changed from General to Documentation
- Milestone changed from Unscheduled to OMERO-Beta4.3
comment:2 Changed 13 years ago by jmoore
- Owner set to bwzloranger
- Type changed from User Story to Task
comment:3 Changed 13 years ago by bwzloranger
comment:4 Changed 13 years ago by saloynton
- Cc saloynton added
comment:5 Changed 13 years ago by saloynton
- Description modified (diff)
- Owner changed from bwzloranger to saloynton
- Remaining Time set to 0.2
- Sprint set to 2011-05-05 (11)
comment:6 Changed 13 years ago by saloynton
- Status changed from new to accepted
comment:7 Changed 13 years ago by jmoore
- Cc atarkowska added
- Description modified (diff)
- Owner changed from saloynton to jmoore
- Remaining Time changed from 0.2 to 0.5
After talking to Ola, the decision was to add a method on omero.api.ServiceFactoryPrx allowing users to pass in their password changing the server-side boolean which tracks whether or not @RolesAllowed("HasPassword") should be considered true. This seems simpler than adding new methods (changeUserPasswordWithAdminPassword(string, string, string)) or adding a new exception (requiring clients to create a new session with the password, etc.)
I'll take over this for making the modifications, and then pass on to Ola.
comment:8 Changed 13 years ago by jmoore
- Owner jmoore deleted
- Status changed from accepted to new
comment:9 Changed 13 years ago by jmoore
- Owner set to jmoore
comment:10 Changed 13 years ago by jmoore
- Status changed from new to accepted
comment:11 Changed 13 years ago by jmoore
- Summary changed from Add TestingScenarios for changing passwords, etc. to Prevent use of changeUserPassword without admin password
Changing name of ticket since it is now server-side implementation with tests under OmeroPy. It should also be moved out of the documentation story.
comment:12 Changed 13 years ago by jmoore <josh@…>
(In [451b207719fcf3e7656f0fe67ce118f858586948/ome.git] on branch develop) Preventing changeUserPassword unless setSecurityPassword after joinSession (See #3202)
comment:13 Changed 13 years ago by jmoore
- Owner changed from jmoore to atarkowska
Passing off to you, Ola.
comment:14 Changed 13 years ago by jmoore <josh@…>
(In [aad93e2e20a7f5dffdbba61c230c8960c5838d5c/ome.git] on branch develop) Fixing test compilation (See #3202)
comment:15 Changed 13 years ago by atarkowska
- Sprint changed from 2011-05-05 (11) to 2011-05-19 (12)
comment:16 Changed 13 years ago by atarkowska
- Owner atarkowska deleted
- Status changed from accepted to new
comment:17 Changed 13 years ago by atarkowska
- Owner set to atarkowska
comment:18 Changed 13 years ago by jmoore <josh@…>
(In [4a370b286230204c5f17377d64b6ce92713e6cc1/ome.git] on branch develop) Adding setSecurityPassword to SV message (See #3202)
comment:19 Changed 13 years ago by jmoore <josh@…>
(In [13604c5b407853b1a2ddffba4790676616ada361/ome.git] on branch develop) Fixing gateway test fixture with setSecurityPassword (See #3202)
comment:20 Changed 13 years ago by Will Moore <will@…>
(In [5069050458373d45292e351889fb5704fa83920c/ome.git] on branch develop) Updating password fix of dbhelpers to use ROOT.passwd. See #3202
comment:21 Changed 13 years ago by atarkowska
- Status changed from new to accepted
comment:22 Changed 13 years ago by Aleksandra Tarkowska <aleksandrat@…>
- Remaining Time changed from 0.5 to 0
- Resolution set to fixed
- Status changed from accepted to closed
(In [971772d5ed4d3137f68ef7bc39e653742b31d7c2/ome.git] on branch develop) this prevents of changeUserPassword without admin password
, close #3202
comment:23 Changed 13 years ago by Aleksandra Tarkowska <aleksandrat@…>
(In [54464d542fb5f1ae121578da44b1fa91f42fc368/ome.git] on branch develop) this fixes the webadmin tests and changed the way error is handled, see #3202
comment:24 Changed 13 years ago by jmoore <josh@…>
(In [73d2a8323d0ae160ed18938cd9b37b5245427ba3/ome.git] on branch develop) Fix another setSecurityPassword issue in dbhelpers.py (See #3202)
comment:25 Changed 13 years ago by jmoore <josh@…>
(In [d12e924916c6299bfccb1b5962e0b8228d7e4b13/ome.git] on branch develop) Call setSecurityPassword on omero user password (See #3202, Fix #5841)
See https://trac.openmicroscopy.org.uk/ome/ticket/3201#comment:2 for example of issues that need to be covered.