27 Jul 2001 jonabbey   » (Journeyer)

I'm looking at the tail end of a 14 hour work day today. It's been a very long time since I've done that. Wound up reworking part of Ganymede's permissions system. I had left a hole in the permissions system, where the "built-in" fields that all objects automatically have (Owner List, Notes, Expiration Date, Removal Date) did not have their permissions tracked independently of the object as a whole. That meant that if an end user was allowed to edit an object to change their password, that end user was also capable of mucking with those four fields.

Bad, dumb, silly, senseless. But I fixed it good, and put in a number of explicit permissions rules in the server that will make everything a lot safer in the presence of a malicious client. In general, I've been very good about making the server not trust the client for anything, but there were some subtle aspects to the permission rules that assumed good behavior on the client's part rather than being explicitly enforced. No more.

So.. a good, old-fashioned late night hack session, with lots of good music (Morcheeba, the soundtrack to Trainspotting) cranked up way louder than I can do when I'm not the only engineering staff member in the building. And I've got some good changes that will make version 1.0.5 worthwhile soon, yay.

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!