Differential D18883
Allow bulk edits to be made silently if you have CLI access Authored by epriestley on Jan 19 2018, 6:21 PM. Tags None Referenced Files
Subscribers None
Details
Fixes T13042. This hooks up the new "silent" mode from D18882 and makes it actually work. The UI (where we tell you to go run some command and then reload the page) is pretty clumsy, but should solve some problems for now and can be cleaned up eventually. The actual mechanics (timeline aggregation, Herald interaction, etc.) are on firmer ground.
Diff Detail
Event TimelineComment Actions  What's the attack that opens up if we just add a [X] Do job silently checkbox in the bulk editor UI? As a user, I "rely" on emails and in-app notifications to stay on top of activities, but I don't treat them as a 100% reliable security measure. Email can always be dropped/lost/accidentally marked as spam, so I'd rely on something like Herald to enforce rules above and beyond the normal policy framework. Comment Actions It doesn't necessarily let you do anything explicitly evil, it just lowers your profile a lot and gives you a useful tool to help you sneak around better. For example, with D18873, you could go write a script which uses the bulk editor to replace every link in every task with a link to [[ /\evil.com/tabnab.htm ]]. There's no way you could do that without being noticed instantly if you were sending out tens of thousands of mail messages and feed stories, but you might get someone if you can do it silently. Or you compromise an administrator account and add yourself to the "Very Powerful Users" project: likely to raise eyebrows if it shows up in feed and mail, but could escape detection for a long time otherwise. As things evolve (e.g., SMS alerts in T920), I think these channels will become a more reasonable layer in overall auditing/security approaches too (e.g., "send me an SMS when such-and-such happens" -- not 100% reliable, but reasonable as a guardrail against human mistakes with a bonus that it catches sneaky attackers). |