
Talk:Gallery2:Embedding:Integration Aspects

From Gallery Codex

User authentication

Is there a security issue here? The slave application trusts the master application to have authenticated its user. But if the slave application can be called directly by an attacker, then authentication has been circumvented. How do you keep attackers from calling the slave application directly? Just through general access controls?

Would it make more sense to have the master query the user for authentication information (a cookie?) that will make the slave happy? Then, just pass that authentication information across to the slave untouched. The slave can then decide if that particular user is allowed access to that particular information. An outside attacker would still have to be able to pass along good authentication information if they managed to access the slave directly.

Twinotter 13:14, 17 July 2007 (PDT)

--Valiant 15:28, 17 July 2007 (PDT) - No, there's no security issue. The assumption is that one can't access the slave directly. And if the slave is accessed directly, the slave is responsible for the auth. The slave exposes an API to the master that isn't accessible for any attacker (HTTP vs API access). The slave doesn't really omit auth, it just delegates the auth to the master when it's called through the API.
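The two entry points Valiant describes, as an added illustration that is not Gallery2 code and not part of this talk page: the slave exposes an in-process API (`api_init`/`api_can_view`, names assumed for the example) that only the embedding master can reach, and a separate HTTP entry point that performs the slave's own authentication. The session tables, album ACLs and cookie names are constructed sample data. A request that reaches the slave's HTTP entry point directly, even one carrying the master's session cookie, is authenticated by the slave and not by the master, so bypassing the master gains nothing.

```python
"""Master/slave authentication delegation: the slave trusts the master only
through an in-process API, never through HTTP.  Example code, not Gallery2's."""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

# Constructed sample data (hypothetical, for the example only).
MASTER_SESSIONS: Dict[str, str] = {"sess-abc": "alice"}   # master cookie -> user
SLAVE_SESSIONS: Dict[str, str] = {"sess-xyz": "bob"}      # slave's own cookie -> user
ALBUM_ACL: Dict[str, Set[str]] = {
    "family": {"alice"},
    "public": {"alice", "bob", "guest"},
}


@dataclass
class ActiveUser:
    name: str
    authenticated_by: str   # "master" when the API caller vouched for the user


class SlaveGallery:
    """The embedded (slave) application with two entry points of different trust."""

    def __init__(self) -> None:
        self._active_user: Optional[ActiveUser] = None

    # --- API entry point: in-process only, no HTTP route leads here ---------
    def api_init(self, user_name: str) -> None:
        # The master has already authenticated user_name; the slave delegates.
        self._active_user = ActiveUser(user_name, "master")

    def api_can_view(self, album: str) -> bool:
        if self._active_user is None:
            raise RuntimeError("api_init() must be called before api_can_view()")
        return self._active_user.name in ALBUM_ACL.get(album, set())

    # --- HTTP entry point: reachable by anyone, so the slave authenticates ---
    def http_request(self, cookies: Dict[str, str], album: str) -> Tuple[int, str]:
        # Only the slave's own session store is consulted; a master cookie
        # presented here is ignored, so it cannot be replayed to gain access.
        user = SLAVE_SESSIONS.get(cookies.get("slave_session", ""), "guest")
        self._active_user = ActiveUser(user, "slave")
        if self.api_can_view(album):
            return 200, f"{album} for {user} (auth by {self._active_user.authenticated_by})"
        return 403, "forbidden"


class MasterApp:
    """The embedding (master) application that fronts the slave."""

    def __init__(self, slave: SlaveGallery) -> None:
        self._slave = slave

    def handle_request(self, cookies: Dict[str, str], album: str) -> Tuple[int, str]:
        user = MASTER_SESSIONS.get(cookies.get("master_session", ""))
        if user is None:
            return 401, "login required"
        # Hand the authenticated identity to the slave over the in-process API.
        self._slave.api_init(user)
        if self._slave.api_can_view(album):
            return 200, f"{album} for {user} (auth by master)"
        return 403, "forbidden"


def via_master(cookies: Dict[str, str], album: str) -> Tuple[int, str]:
    return MasterApp(SlaveGallery()).handle_request(cookies, album)


def via_slave_directly(cookies: Dict[str, str], album: str) -> Tuple[int, str]:
    return SlaveGallery().http_request(cookies, album)


if __name__ == "__main__":
    print(via_master({"master_session": "sess-abc"}, "family"))
    print(via_slave_directly({"master_session": "sess-abc"}, "family"))
    print(via_slave_directly({"slave_session": "sess-xyz"}, "public"))
```

The distinction that matters is which entry point a caller can reach: `api_init` is an ordinary function call with no URL, so the only way to have the slave skip its own authentication is to be the master's process.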