Sikkerhetsproblem med require_god

[simen]

require_god har et stort sikkerhetsproblem nå ettersom de ikke sjekker at ressursen og brukeren hører til samme realm. Det gir i praksis alle guder mulighet til å laste alle ressurser i systemet.

[kytrinyx]

I started looking into this, and we can't just assume that the request.host is going to map to the realm, because people can make requests to a different host.

We actually need to verify against the resource(s) that are being fetched, and we won't know this until we've actually fetched the resource.

I don't see how we can implement the realm check in require_god and require_identity

[simen]

No, but wouldn't the correct way to do this be passing the expected realm to require_god?

def require_god(realm = nil)

And log a warning if realm is not provided?

[simen]

Also we should provide a current_realm method that is heavily cached (by request host) and uses checkpoint to determine realm.

[kytrinyx]

Cool, that makes sense.