Opened 11 years ago

Last modified 9 years ago

#32 new defect

Sequences with protection level >0 can be deleted in Search and Query

Reported by: fog Owned by: westram
Priority: major Milestone:
Component: ARB_NTREE Version: SVN
Keywords: security Cc:

Description (last modified by westram)

Sequences can be deleted from the database using the 'Delete Listed' button in Search and Query even if the sequence has S3 in ali_16S/data and my protectin in ARB_NT is 0

Change History (7)

comment:1 Changed 11 years ago by westram

  • Owner changed from devel to westram
  • Status changed from new to assigned

comment:2 Changed 11 years ago by westram

Security concept of ARBDB is much too complicated:

  • There are 3 kinds of security levels (READ, WRITE and DELETE):
    • Only the WRITE level is visible to users.
    • The READ security isn't used at all
    • The DELETE security is only used when deleting
  • When deleting containers (e.g. species) only the DELETE security is checked. Problems arise, because the DELETE security is not increased, when changing WRITE security levels of sub-fields

More transparent concept:

  • only use ONE security level (WRITE security)
  • when setting security of a field or container
    • increase security of parent container if lower
    • decrease security of parent container if higher (use security of most secure child)

Other things needed:

  • database check at startup to correct all security levels

comment:3 Changed 11 years ago by fog

  • Summary changed from Sequences with protection level >0 canbe deleted in Search and Query to Sequences with protection level >0 can be deleted in Search and Query
  • Version changed from CVS to stable-2007

comment:4 Changed 9 years ago by westram

  • Component changed from !NoIdea to ARB_NTREE
  • Version changed from stable-2007 to SVN

comment:5 Changed 9 years ago by westram

  • Keywords security added
  • Status changed from assigned to new

comment:6 Changed 9 years ago by westram

  • Description modified (diff)
  • Status changed from new to assigned
  • cannot reproduce this anymore - need a small example DB

comment:7 Changed 9 years ago by westram

  • Status changed from assigned to new
Note: See TracTickets for help on using tickets.