Forum OpenACS Q&A: Re: RFC: Security policy for OpenACS (Security hole in OpenACS 5.1!)

I have a version that works but has very little testing. This version only supports Oracle. There are a couple of issues to work out. First, the defaults need to be correct so the package provides some protection without getting in the way. The main one I'm still thinking about is referer. I built an option that will check that the referer hostname is the same as the login host name. Seemed like a good idea, but if you just type http://mysite.com/acs-admin you get a security violation because the referer is empty. That means every admin page must be accessible via a link. The second issue is how to match the URLs. Currently I'm using like with a URL pattern like %/admin%. The other option is of course a Tcl regexp. See the docs for how to patch the system to enable it. I also added

<if @logout_url@ not nil>
  <li><a href="@logout_url@" title="#acs-subsite.Logout_from_system#">#acs-subsite.Logout#</a></li>
</if>
<if @sudourl@ not nil>
  <li><a id="sudoend" href="@sudourl@"><font color="red">Sudo End</font></a></li>
</if>

to the site-master.adp file

and

if { [site_node::exists_p -url /sudo] } {
    set sudourl [sudo::endsessonurl]
} else {
    set sudourl ""
}

to site_master.tcl

http://trsvax.com/trsvax/apm/sudo-1.0b.apm
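
The two checks discussed in the post, as an added example in plain Tcl that is not code from the post or from the sudo package: the referer host comparison with the empty-referer case reported as its own result, and the `%/admin%` LIKE pattern next to an anchored regexp. The proc names, the regexp and the sample requests are assumptions constructed for illustration.

```tcl
# Added example; runs in plain tclsh. Proc names are hypothetical.

# Return the lowercase host of an absolute http(s) URL, or "" if there is none.
proc url_host {url} {
    if {[regexp -nocase {^https?://([^/:?#]+)} $url -> host]} {
        return [string tolower $host]
    }
    return ""
}

# Referer check as described in the post: referer host must equal the login host.
# Returns ok, empty (no referer, e.g. a typed URL) or mismatch, so the caller
# can pick a policy for the empty case separately from a real mismatch.
proc referer_check {referer login_host} {
    if {[string trim $referer] eq ""} { return empty }
    if {[url_host $referer] eq [string tolower $login_host]} { return ok }
    return mismatch
}

# Emulate SQL LIKE (% = any run of chars, _ = one char) with string match,
# escaping the characters that are special to glob matching first.
proc like_match {pattern url} {
    set glob [string map {\\ \\\\ * \\* ? \\? [ \\[ ] \\] % * _ ?} $pattern]
    return [string match $glob $url]
}

# Anchored alternative (assumed pattern): "admin" must be a whole path segment.
set admin_re {(^|/)admin(/|$)}

# Constructed sample requests: url referer
set login_host mysite.com
foreach {url referer} {
    /admin/              http://mysite.com/
    /forums/admin/index  http://other.example/page
    /administrator-faq   http://mysite.com/
    /acs-admin/          {}
} {
    puts [format "%-20s referer=%-9s like=%d regexp=%d" $url \
        [referer_check $referer $login_host] \
        [like_match %/admin% $url] \
        [regexp $admin_re $url]]
}
```

In this run the LIKE pattern also matches `/administrator-faq`, which the anchored regexp does not, and neither form matches `/acs-admin/`.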