Node-solid-server: Grant permission to see .acl file?

Created on 30 Apr 2018  Â·  4Comments  Â·  Source: solid/node-solid-server

For debugging purposes, it would be useful if we could grant people permission to see a .acl file.

Or even just have a debug flag to switch that on.

feature revisit

All 4 comments

Interesting! So like, a ‘—debug’ flag you can start the server with, to enable things like seeing .acls?

Yes. Or perhaps a more specific flag/option even, like publicACL.

Maybe. (Considered the option of changing the ACL system to allow a new mode, but the stability of the ACL system is more important. When someone is denied access, do you tell then which group they need to join to get access? Sometimes that is valuable socially, and valuable for on-boarding. People generally regard it as bad security to be open about such things so you basically enumerate the attack vectors.)
But as a config option, it could make sense, during testing. What would also be brilliant in the body of the error response is a breakdown of where the ACL logic decided no, which ACL file was used, and where the query failed, but "where the query failed" is hard to define and hard to code IMHO)

When someone is denied access, do you tell then which group they need to join to get access? Sometimes that is valuable socially, and valuable for on-boarding. People generally regard it as bad security to be open about such things so you basically enumerate the attack vectors.

I wonder if we can implement that as an explicit Read permission on the .acl. Right now, we only have Control to capture Read + Write in the specific case of .acl.

What would also be brilliant in the body of the error response is a breakdown of where the ACL logic decided no, which ACL file was used

Indeed. That sort of debug information is easy to gather.

And in the mid to long term, these should be N3 proofs of course 😄

Was this page helpful?
0 / 5 - 0 ratings

Related issues

SvenDowideit picture SvenDowideit  Â·  6Comments

akuckartz picture akuckartz  Â·  6Comments

csarven picture csarven  Â·  6Comments

WhyINeedToFillUsername picture WhyINeedToFillUsername  Â·  3Comments

melvincarvalho picture melvincarvalho  Â·  4Comments