From MozillaWiki
Jump to: navigation, search
Items to be reviewed

Introduce Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

  • code is a SASL extension for OpenLDAP to allow an LDAP server to function as an intermediary between an LDAP consuming relying party and an Identity Authority (in this case,

What solutions/approaches were considered other than the proposed solution?

  • Putting BID auth flow in Django
  • BID proxy daemon (very thin plugin)
  • Implementing verification locally
  • Session store in Django, hashing in Django
  • storing hash of assertion in cookie, instead of entire assertion

Why was this solution chosen?

  • Works with OpenLDAP ACL (security in depth)
  • Balances amount of C code with deployment complexity

Any security threats already considered in the design and why?=

  • Buffer overflow
  • session cache attack (?)

Threat Brainstorming

  • django to open-ldap is across the network
  • is the SASL client plugin exposed externally at all ? ie is it only django itself that can call into it, there's no exposure via direct URL's ?
    • you could potentially pass bad email address to django which forwards to the plugin
    • urls like /login and /register potentially - entry points are limited to the web forms that talk to the plugin, there shouldn't be any direct access
  • using SSL in the plugins
  • signing of the cookie is done by django (django provided Signed Cookies)
    • username/password is stored in the cookie
    • this will be replaced with a browser ID assertion

Conclusions / Action Items

  • [dchan] Code Review
    • may be constrained by goals implementation
  • [possible?] fuzzing
  • need secure SASL dev expertise
    • Cyrus Daboo, Howard Chu - SASL experts - may lead to consultants?
  • [ozten] Vagrant VM