backdrop-ops / backdropcms.org

Issue tracker for the BackdropCMS.org website
https://backdropcms.org

[Security] make PR sandboxes more secure. #248

Closed klonos closed 2 years ago

klonos commented 8 years ago

As it is currently, the sandboxes that are automatically created with each PR have their admin login details in plain text in a comment. Also, we allow people to upload and install arbitrary project packages. This could include custom, non-contrib code that abuses the PR sandbox server to do whatever (send spam, do DDoS attacks, host illegal sites etc).

Can we have the sandbox server utilize the new GitHub SSO module for admin login so that we at least do not have the credentials in plain text out in the open?

Gormartsen commented 8 years ago

@klonos Yes, it is possible, but there is only one match for admin, so there is a need for a workaround.

I propose to give the admin role to anyone registered via SSO. It could be a small, simple module to do so.

Gormartsen commented 8 years ago

There is another problem. We need to change account settings as well:

[Screenshot of the account settings, 2016-05-26]

The default setting will prevent SSO from logging in. It will show a message that the user was created and approval is required.

Gormartsen commented 8 years ago

@klonos I don't think that it's a big issue. QA is located on a VPS. QA websites run under the qa user. No root access.

Email sending is under monitoring, so I will know about spam activity in time. It will be possible to put a webshell or trojan over there, but it's kinda useless.

There is almost 0% chance of doing harm because there is 0 sensitive information stored on the QA server.

klonos commented 8 years ago

Fair enough.

The solution of creating separate users and giving them admin role sounds good to me (if we figure out how to create users without requiring approval that is). It might be worth the effort if it is to increase security.

Gormartsen commented 8 years ago

@klonos We can create a QA installation profile that will set up an extra module and change account settings to log in without approval and get the admin role.

klonos commented 8 years ago

Sounds great :+1:

oadaeh commented 2 years ago

Is this still a thing? And is it related to https://github.com/backdrop-ops/backdropcms.org/issues/208?

ghost commented 2 years ago

Yes, related to/duplicate of https://github.com/backdrop-ops/backdropcms.org/issues/208. Let's close this one, since the other has info about Tugboat.