Security/Reviews/Nucleus


Nucleus Risk Review

Reference: https://mana.mozilla.org/wiki/display/SECURITY/Business+Level+Risk+Assessment

TL;DR

Nucleus is a publishing system for Bedrock. Its risk level is P-1 A-2 R-2 Au-2. The system is suitable to run in a PaaS, as long as no confidential information is stored in it (e.g. unreleased security advisories).

Attendees:

  • jgmize, curtisk, hoosteeno, ulfr, cturra, adamm

Project description & scope

  • webprod team; the goal is to make it possible to publish content to www.mozilla.org without a pull request (or svn).
  • initial use case: release managers publish release notes
  • publish through an API, instead of using the Django admin

Target users

  • content creators for w.m.o, likely only MoCo
  • First release is "RNA", the release notes publishing tool. Content publishers will be staff on the release management team.
  • community members with commit access can also use this, as they have LDAP accounts
  • access given to individual users, on a case by case basis
  • Note: we are integrating with browserid/persona https://bugzilla.mozilla.org/show_bug.cgi?id=922377

Threats

  • PR risk: if someone gains access and publishes bogus content

Privacy: 1

For now only public, non-critical data will be handled. NOT SUITABLE FOR CONFIDENTIAL DATA. Data awaiting publication might be critical (e.g. security advisories); it is public only once published.

Availability: 2

A 48 hour restart time is sufficient.

Recovery: 2

Nucleus would be replicated to Bedrock frequently.

  • Note: there isn't a direct Bedrock-to-Nucleus recovery path, AFAIK

Users' ACLs need to be backed up. Weekly is acceptable.

Audit: 2

The need for auditability is low with a trusted group of content managers. It is sufficiently satisfied by logs of authentications: creation, modify time, login name. There is no need to log the details of changes to a publication.

Action items

  • jgmize/cturra: talk about how to get to the web logs
  • hoosteeno/jgmize: don't allow draft storage of confidential/sensitive info without another security risk assessment
  • in order to do a security review...
    • risk assessment (this meeting)
    • security sprint (when code is ready)