Wondering about the practice of running code under the philosophy of least privilege inside Rails -- or perhaps it's a Ruby question. (New to both).

I'm used to a language called Lasso which has a security layer between the source code and the interpreter (or between the interpreter and the runtime engine or wherever). This layer allows me to create containers in which code executes with very specific access rights to resources like files and databases (including filtering access to tables and specific fields), and even controls access to features of the language itself, which allows me to deny access to network classes, or reflection commands, etc., on a per-container basis.

While this can be used to jail individual code contributors to specific capabilities and assets, I also find it useful for implementing Least Privilege. If I have a routine that needs to read config files, I can create a "user" named configLoader which allows access to a specific path, and has read-only permissions for that path. I then wrap the code in a container identified as that user. Now, if that code were ever hijacked in some never-before-known attack vector, it is useless with respect to file system access except for reading that path.

For databases, I can move what I used to define in Lasso Admin to the database's own access management system by defining multiple users into those allowed to read only, access only specific tables, etc. However, for file access, and even certain language feature restrictions, I don't see how that can be done in Ruby or in Rails.

Let's stick with files. How in Rails would I create a piece of file reading code in a method with explicit restrictions to have access to path X only and only for reading purposes? IOW, even if I wrote file reading commands within the boundaries of this code to get another path or to write to a file, it would fail to work.

Does what I am asking make sense?

-- gw

--
Posted via http://www.ruby-forum.com/.
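
One way to approximate the configLoader idea in plain Ruby, as an added example that is not part of the original post: a wrapper that can only read beneath one directory. `ReadOnlyRoot` and `demo` are hypothetical names and the temp files are constructed; the check is enforced by the wrapper itself, not by the interpreter, so code that calls `File` directly bypasses it.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical helper (not a Ruby or Rails API): reads files beneath a single
# root directory and deliberately exposes no write methods.
class ReadOnlyRoot
  class AccessDenied < StandardError; end

  def initialize(root)
    @root = File.realpath(root) # canonical form, symlinks resolved
  end

  def read(relative_path)
    # realpath collapses ".." and follows symlinks, so the comparison below
    # is made against the file that would really be opened.
    target = File.realpath(File.join(@root, relative_path))
    unless target.start_with?(@root + File::SEPARATOR)
      raise AccessDenied, "#{relative_path} resolves outside #{@root}"
    end
    # Read-only handle. A symlink swapped in between the check and the open
    # is a remaining race that only OS-level permissions close.
    File.open(target, File::RDONLY) { |f| f.read }
  rescue Errno::ENOENT
    raise AccessDenied, "#{relative_path} not found under #{@root}"
  end
end

# Constructed demo tree: an allowed config dir, a file outside it, and a
# symlink inside the config dir that points at the outside file.
def demo
  Dir.mktmpdir do |tmp|
    FileUtils.mkdir_p(File.join(tmp, "config"))
    File.write(File.join(tmp, "config", "app.yml"), "mode: production\n")
    File.write(File.join(tmp, "secret.txt"), "outside\n")
    File.symlink(File.join(tmp, "secret.txt"), File.join(tmp, "config", "link"))

    loader = ReadOnlyRoot.new(File.join(tmp, "config"))
    attempt = lambda do |path|
      begin
        loader.read(path)
      rescue ReadOnlyRoot::AccessDenied
        :denied
      end
    end
    { ok: attempt.call("app.yml"), dotdot: attempt.call("../secret.txt"),
      symlink: attempt.call("link"), can_write: loader.respond_to?(:write) }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

For the guarantee the post describes, where a hijacked routine cannot reach any other path at all, the restriction has to come from outside the Ruby process, for example by running the loader as a separate operating-system user with read-only permissions on that path.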