dhpotterveld
Cadet
- Joined: Apr 21, 2017
- Messages: 1
I'd like to comment on an architectural decision in FreeNAS Corral that disturbed me, and which I hope will NOT appear in its successor. This was the decision to place JSON configuration files in the root of file shares. On the surface this looks like tidy organization, but it is a security risk. For example, an NFS share that permits root_no_squash mount by a client will give root on the client the ability to modify the configuration. Not good. So, for a site to be secure, this mount option must not be used, which breaks a class of use cases.
A good guiding principle (see, for example, Apache's recommended practices for server/site configuration) is to keep service metadata out of reach of clients by storing it in a space that is architecturally inaccessible to them. I hope the FreeNAS developers will take this to heart.
Many thanks for a fine product!