Feature #6605: Integrate the security policy into resource management - TYPO3.Flow - TYPO3 Forge

TYPO3 Flow Base Distribution TYPO3.Eel TYPO3.Flow TYPO3.Fluid TYPO3.Kickstart TYPO3.Welcome Packages Applications

Feature #6605

Integrate the security policy into resource management

Added by Andreas Förthner over 5 years ago. Updated over 4 years ago.

Status:

Resolved

Start date:

Priority:

Should have

Due date:

Assigned To:

Andreas Förthner

% Done:

100%

Category:

Security

Target version:

TYPO3 Flow Base Distribution - 1.0 alpha 14

Estimated time:

30.00 hours

PHP Version:

Complexity:

Has patch:

Description

Resources are basically objects that can be secured by model security (see #6604). We'll have to find a solution how secured files have to be handled by the resource manager.

One possiblity would be:

We have a special virtual folder named after the secure session key that holds symlinks to all resources the current user is allowed to access. We could also add a dynamic rewrite rule that restricts access to this folder to the IP of this user. The folder would have to "expire" with the user session.

Related issues

Associated revisions

Revision 670aa59c
Added by Andreas Förthner over 4 years ago

[+FEATURE] FLOW3 (Security): Implemented private resource publishing

Resolves: #6605
Change-Id: I6574cf086d6049594ead7950b7fafc7145bb6f0a

Revision 54832f5d
Added by Karsten Dambekalns over 4 years ago

[~TASK] FLOW3 Distribution: Add private resources rewrite rule

Relates to: #6605

Change-Id: I9f9510f82492380c736b3fae3cb67ef7e69f5e47

History

#1 Updated by Andreas Förthner over 5 years ago

Target version set to 1.0 alpha 9

#2 Updated by Robert Lemke over 5 years ago

Status changed from New to Accepted
Start date deleted (~~2010-02-25~~)
Estimated time set to 30.00

#3 Updated by Robert Lemke about 5 years ago

Target version deleted (~~1.0 alpha 9~~)

#4 Updated by Andreas Förthner about 5 years ago

Target version set to 1.0 alpha 11

#5 Updated by Karsten Dambekalns almost 5 years ago

Target version deleted (~~1.0 alpha 11~~)

#6 Updated by Andreas Förthner almost 5 years ago

Target version set to 1.0 alpha 13

#7 Updated by Karsten Dambekalns over 4 years ago

Target version changed from 1.0 alpha 13 to 1.0 alpha 14

#8 Updated by Andreas Förthner over 4 years ago

Status changed from Accepted to Resolved
% Done changed from 0 to 100

Applied in changeset 670aa59cae5dbbcb9b265ea24d8c29a6357e9eb0.

Also available in: Atom PDF