Details
-
New Feature
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
Minor
Description
Restricting access to files to signed code is method to improve security by limiting code that can read, write or have full access to a given file.
This is a ticket is discusses this feature in more detail:
- Would restricting access to files be a useful?
- What level of sophistication would be required?
- Sufficient to simple restrict all access to signed code only?
- Access restriction to specified files only?
- Different gpg signatures to access different files?
- Ability to specify Read access only or full access?
- How would superfiles be treated?
- If superfile access is restricted, can individual component parts be accessed?
- If restriction is specified for an individual part of a superfile, would that restriction need to propogate to the super file
- Where would the restriction be enabled/specified? Dali?
- How would access restriction be maintained when accessed outside Thor: for example, through EclWatch, file spraying/despraying, various std.File operations?
- If signed file access restriction was available, how likely is it to be used?
Attachments
Issue Links
- relates to
-
HPCC-15930 Allow access to files to be restricted to signed code
-
- Resolved
-
-
HPCC-17537 Configuration option to enable file restriction
-
- Resolved
-
-
HPCC-17682 Sign regression test files with hpcc key for HPCC-15930
-
- Resolved
-
1.
|
Codegen support for restricting files to signed code |
|
Resolved | Unassigned |
2.
|
Allow access to files to be restricted to signed code |
|
Resolved | Shamser Ahmed |