##########################################################################
#                                                                        #
#                        CLAIMS_DB_LISTENER V0.22                        #
#                                                                        #
#                 NEW FEATURES AND SECURITY ASSIGNMENTS                  #
#                                                                        #
#                      DOCUMENT DATE: 20 JUNE 2009                       #
#                                                                        #
#                        COPYRIGHT B TASKER 2009                         #
##########################################################################


Contents
---------

 - Aim
 - Security Groups
 - Projected Features
 - Current Features
 - Security Assignments
 - Notes


Aim
----

The aim of this document is to lay out some of the planned features and
also to specify which security group each of the new (and existing)
features will be assigned to.


Security Groups
----------------

Whether the Server Administrator has enabled Host or User based
Authentication (or both), there are three security groups:

 - read
 - write
 - Admin

All authenticated users/hosts have read privileges. If the host/user fails
to authenticate then they will of course be denied access.

The administrator can specify whether individual hosts/users should have
write and/or Admin rights.


Projected Features
-------------------

In addition to any operations supported by Claims_DB, the listener will
have several additional features. These are:

 - Server Information (uname -a)
 - Server Uptime (uptime)
 - Claims_DB_listener Version
 - Claims_DB listener
 - Per Database security settings
 - Easy management tool


Current Features
-----------------

Claims_DB_listener currently supports the following METHODS (taken from
PROTOCOL DOCS V0.22):

  1 - Insert a record into the database
  2 - Output complete table
  3 - Output Table Header Row only
  4 - Run Query and return matching records
  5 - Run Query and return matching Line Numbers only
  6 - Run Database Backup
  7 - Get Next Primary Key
  8 - Run Select Distinct style query on named column
  9 - Delete record on given line number
 10 - Stream a full Database backup to client
 11 - Return a total record count for the selected database
 12 - Return a total record count for the selected table
 13 - Clear Temporary Directory
 14 - Generate a Signature for the named table (Checksum function)


Security Assignments
----------------------

 - Read

      2 - Output complete table
      3 - Output Table Header Row only
      4 - Run Query and return matching records
      5 - Run Query and return matching Line Numbers only
      7 - Get Next Primary Key
      8 - Run Select Distinct style query on named column
     11 - Return a total record count for the selected database
     12 - Return a total record count for the selected table
     14 - Generate a Signature for the named table (Checksum function)
     Server Information (uname -a) (Can be disabled in config file)
     Server Uptime (uptime) (Can be disabled in config file)
     Claims_DB_listener Version (Can be disabled in config file)
     Claims_DB listener (Can be disabled in config file)

 - Write

      1 - Insert a record into the database
      6 - Run Database Backup
      9 - Delete record on given line number
     10 - Stream a full Database backup to client (Can be disabled in
          config file)
     13 - Clear Temporary Directory

 - Admin

     Any action on the Claims_DB_listener security database (if present)


Notes
------

The Server System Administrator is already able to disable backup
streaming and requests for the Claims_DB_listener version. This will be
extended to include the new functions once they are implemented.

It was originally considered that the new functions should require admin
rights in order to try and enhance system security; however, this would
then require Administrators to give users Admin privileges to achieve this
small task. Whilst some may believe this information to be highly
sensitive, it hardly falls within the same severity as all your users
being able to read/write your Security database (including password hashes
and salts!).

It is once again noted that whilst blocking version information may
provide a little protection, an experienced attacker would still be able
to ascertain which version you are running by checking which METHODS the
system supports. If the attacker is unable to authenticate, this vector of
attack is greatly reduced.

When Claims_DB eventually supports Database Management (i.e. add
table/database etc.) these functions will by default require Admin
privileges. However, it is envisaged that the Server Administrator will be
able to re-assign this to another group by means of a Config file
variable.

Per Database security settings will allow the system administrator to
allow a user admin access to one database without allowing them the same
access to other databases. At this point, the system administrator will
also be able to explicitly deny access to a specific database.

An Easy Management tool may be created. This will consist of a small
number of CGI scripts that will reside within the WWWROOT of the host
webserver. The system will require authentication, and will utilise the
same security database as the listener. Administrators will be able to
update many parts of the config using this tool. There may also be a quick
query page built into this tool, allowing authenticated users to quickly
build and run a query on the database. This tool will be strictly read
only, as other methods of data insertion will be made available to
Administrators.

If the Easy Management tool is created, it will be managed as a separate
project. The relationship between the two will be akin to that between
Claims_DB and the listener. This will help ensure that the Easy Management
tool is not installed and left unsecured by an admin who is unaware that
it even exists.


##########################################################################
#                                                                        #
#                              DOCUMENT END                              #
#                                                                        #
#                       COPYRIGHT BEN TASKER 2009                        #
#                                                                        #
##########################################################################
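
The method-to-group table under Security Assignments, together with the
config-file switch and the projected per-database deny, written out as an
authorization check. This is an added example, not code from
Claims_DB_listener: Principal, authorize, demo and the disable_backup_stream
key are hypothetical names, and write and Admin are treated as independent
flags, which is one reading of "write and/or Admin rights".

```python
from dataclasses import dataclass, field

# METHOD number -> group, copied from the Security Assignments list.
METHOD_GROUP = {
    2: "read", 3: "read", 4: "read", 5: "read", 7: "read", 8: "read",
    11: "read", 12: "read", 14: "read",
    1: "write", 6: "write", 9: "write", 10: "write", 13: "write",
}
# Methods marked "(Can be disabled in config file)"; the key name is hypothetical.
DISABLE_KEY = {10: "disable_backup_stream"}

@dataclass
class Principal:                      # hypothetical record for a user or host
    name: str
    authenticated: bool = False
    groups: set = field(default_factory=set)      # extra rights: "write", "admin"
    denied_dbs: set = field(default_factory=set)  # projected per-database deny

def authorize(p, method, database, config=None, security_db=False):
    """Return (allowed, reason); anything not explicitly permitted is refused."""
    config = config or {}
    # Authentication is checked before the method is even looked up, so an
    # unauthenticated client gets the same answer for every METHOD number.
    if not p.authenticated:
        return False, "not authenticated"
    if database in p.denied_dbs:
        return False, "database explicitly denied"
    if security_db:                   # any action on the security database
        ok = "admin" in p.groups
        return ok, "admin" if ok else "admin required"
    required = METHOD_GROUP.get(method)
    if required is None:
        return False, "unknown method"
    key = DISABLE_KEY.get(method)
    if key and config.get(key, False):
        return False, "disabled in config"
    if required == "read" or required in p.groups:
        return True, required
    return False, required + " required"

def demo():
    """Constructed principals and requests, not taken from the project."""
    reader = Principal("alice", authenticated=True)
    writer = Principal("bob", authenticated=True, groups={"write"},
                       denied_dbs={"payroll"})
    anon = Principal("mallory")
    cfg = {"disable_backup_stream": True}
    return [authorize(reader, 4, "claims"), authorize(reader, 9, "claims"),
            authorize(writer, 9, "claims"), authorize(writer, 10, "claims", cfg),
            authorize(writer, 2, "payroll"), authorize(anon, 99, "claims"),
            authorize(writer, 2, "claims", security_db=True)]
```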