[DAS] Re: DAS security

Neil Walker Neil.Walker at cimr.cam.ac.uk
Tue Sep 23 06:42:18 EDT 2003


Tony Cox wrote:

>Since it has always been an open source/data project we have not engineered a
>system for hiding some data from a subset of users.

I had this same discussion with the Mart team last week with regard to a
distributed Mart.  I think the issue with Ensembl being Open Source is
that you can't hack the client code to hide your data from a particular
class of user, as someone can always download an unhacked version from
CVS.

This means security has to be at the server end, as Jonathan Warren
implied, and to state the obvious, security can't be in the database,
as database security splits "vertically" by database, table or column,
and not "horizontally" by row.

The question therefore is whether config info is client code or not.

Not sure this is relevant, but what we do for gbrowse (thanks to my
colleagues Barry Healy and Luc Smink for this info) is that we have
multiple databases for e.g. mouse and human data, multiple config
files, but only one web interface. At the moment users get a pull down
saying which data source (config file) they want, but I guess we could
give each class of user access (via links and .htaccess) to just one
config file.   We then need to prevent users being able to create their
own config files, so if they contain username and password info that
the user cannot access - that'd do the trick.

> We'd be very interested to know if you come up with a nice solution!

Ditto!

Cheers
Neil
---------------------------------------------------------------------
Neil Walker                         email: neil.walker at cimr.cam.ac.uk
JDRF/WT Diabetes and Inflammation   tel: +44 (0)1223 763210
	Laboratory		    fax: +44 (0)1223 762102
Cambridge, UK                    http://www-gene.cimr.cam.ac.uk/todd/
---------------------------------------------------------------------
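
Added example, not part of the original message and not DAS, Ensembl or gbrowse code: row-level ("horizontal") filtering enforced at the server end, keyed to the identity the web server authenticated rather than to anything the client sends. The table layout, the `visible_to` column and the user and class names are assumptions made for the illustration.

```python
import sqlite3

# Constructed mapping from authenticated user to user class (hypothetical names).
CLASS_FOR_USER = {"alice": "lab_a", "bob": "lab_b"}


def make_demo_db():
    """Build an in-memory annotation table; all rows are constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE feature (id TEXT, segment TEXT, start INTEGER, "
        "stop INTEGER, visible_to TEXT)"
    )
    conn.executemany(
        "INSERT INTO feature VALUES (?, ?, ?, ?, ?)",
        [
            ("gene1", "chr1", 100, 900, "public"),
            ("snpA", "chr1", 250, 250, "lab_a"),
            ("snpB", "chr1", 400, 400, "lab_b"),
            ("gene2", "chr2", 50, 700, "lab_a"),
        ],
    )
    return conn


def features_for(conn, remote_user, segment):
    """Return the feature ids on `segment` that `remote_user` may see.

    `remote_user` must be the identity established by the web server's own
    authentication (for example via .htaccess), never a request parameter.
    """
    # Unknown or anonymous users fall back to public rows only.
    user_class = CLASS_FOR_USER.get(remote_user)
    allowed = ["public"] + ([user_class] if user_class else [])
    # Only the number of placeholders is interpolated; values are bound.
    placeholders = ",".join("?" for _ in allowed)
    rows = conn.execute(
        "SELECT id FROM feature WHERE segment = ? "
        f"AND visible_to IN ({placeholders}) ORDER BY start",
        [segment, *allowed],
    )
    return [row[0] for row in rows]
```

The server's database account can read every row; the split by user class exists only in `features_for`, so the check holds regardless of which client build sends the request.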




