Get news messages through user's internet connection
Closed this issue · 3 comments
In a lot of environments, inbound traffic to the iTop instance is allowed.
However, outbound traffic is often restricted.
We could work around this by relying on the user's internet connection to retrieve the messages instead, and post them to iTop.
https://www.w3schools.com/js/js_json_jsonp.asp
Works by pointing to a different domain in a script tag. Downside: this implies limitations in length. It could be used to retrieve data, but posting data will fail if there is a lot of data.
Concerns:
- This means there would be a more vulnerable iTop endpoint. A malicious user could abuse this; however, this user would need to be able to forge the signature. This would likely require a private key to be leaked first.
- The IP address is very likely to vary over time. Not an issue: the iTop instance is identified by a hash of the application and database.
- The news server (source) endpoint gets more exposure. Some additional protection may be required.
- Reporting statistics: most info isn't that sensitive, except the instance hashes (application and database). In theory, they could be encrypted by the iTop application and sent. It would however mean there should be a way for the iTop application to encrypt it and for our news server to decrypt it without any intervention. https://www.php.net/manual/en/function.sodium-crypto-box-seal.php / https://www.php.net/manual/en/function.sodium-crypto-box-seal-open.php
- Reporting statistics: see comment above about limitation in length. Either way, making the messages available in iTop is more important than obtaining statistics on the read status.
- There shouldn't be too much polling either, so the server doesn't get overloaded. Either a value needs to be stored in the database, or perhaps there could be some file which just contains the last polled time.
RetrieveFromRemoteServer method needs to be adapted. The only reason it takes the background process as an argument is for tracing. It should be possible to specify another object which allows tracing.
Furthermore, it should be split into (1) retrieving the data through a background task and (2) processing the retrieved data (news messages).
This would allow us to handle a news server response, no matter whether the data was retrieved directly from a news server through a background task, or from a user in between.
Theoretically we could also have the user initiate a request to the news server, which could directly communicate with the iTop server. But these connections could also be forbidden.
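The two points above (a single processing path for responses, whether fetched by the background task or relayed by a user's browser, and the signature being the only thing that protects the more exposed iTop endpoint) can be put together as follows. This is an added example, not iTop's own code: it assumes the news server signs the raw JSON body with a sodium signing (Ed25519) secret key and ships the detached signature next to it, and that iTop holds only the matching public key. The `NewsResponseProcessor` class, the `shouldPollNewsServer` function and the sample message are constructed for this illustration; the last-poll-time file is the simpler of the two throttling options named in the concerns list.

```php
<?php
declare(strict_types=1);

// Added example (not iTop code). Assumed: the news server signs the JSON body
// with a sodium signing secret key; iTop holds only the public key and never
// trusts a payload, from the background task or from a browser, before
// verifying the detached signature.

final class NewsResponseProcessor
{
    private string $sSigningPublicKey;

    public function __construct(string $sSigningPublicKey)
    {
        if (strlen($sSigningPublicKey) !== SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES) {
            throw new InvalidArgumentException('Not a crypto_sign public key');
        }
        $this->sSigningPublicKey = $sSigningPublicKey;
    }

    /**
     * Same entry point for both transports. Returns the accepted messages.
     * @return array<int, array<string, mixed>>
     */
    public function process(string $sBody, string $sSignatureB64): array
    {
        $sSignature = base64_decode($sSignatureB64, true);
        if ($sSignature === false || strlen($sSignature) !== SODIUM_CRYPTO_SIGN_BYTES) {
            throw new RuntimeException('Malformed signature');
        }
        // Verify before parsing: a forged or altered body is rejected without ever being decoded.
        if (!sodium_crypto_sign_verify_detached($sSignature, $sBody, $this->sSigningPublicKey)) {
            throw new RuntimeException('Signature verification failed');
        }
        $aData = json_decode($sBody, true, 16, JSON_THROW_ON_ERROR);
        if (!isset($aData['messages']) || !is_array($aData['messages'])) {
            throw new RuntimeException('Unexpected payload shape');
        }
        return $aData['messages'];
    }
}

/**
 * Throttle polling with a small file holding the last poll time (hypothetical
 * helper). Returns true when a new poll is allowed and records the poll.
 */
function shouldPollNewsServer(string $sStateFile, int $iMinIntervalSeconds, ?int $iNow = null): bool
{
    $iNow = $iNow ?? time();
    $iLast = is_file($sStateFile) ? (int) file_get_contents($sStateFile) : 0;
    if ($iNow - $iLast < $iMinIntervalSeconds) {
        return false;
    }
    file_put_contents($sStateFile, (string) $iNow, LOCK_EX);
    return true;
}

// --- Constructed demo: news server side, only to produce a signed sample ---
$sServerKeyPair = sodium_crypto_sign_keypair();
$sBody = json_encode(['messages' => [['id' => 1, 'title' => 'Constructed sample message']]], JSON_THROW_ON_ERROR);
$sSignatureB64 = base64_encode(sodium_crypto_sign_detached($sBody, sodium_crypto_sign_secretkey($sServerKeyPair)));

// --- iTop side: holds only the public key ---
$oProcessor = new NewsResponseProcessor(sodium_crypto_sign_publickey($sServerKeyPair));
$aMessages = $oProcessor->process($sBody, $sSignatureB64);
printf("Accepted %d message(s)\n", count($aMessages));

// A relayed payload altered after signing fails verification and is dropped.
try {
    $oProcessor->process(str_replace('Constructed', 'Altered', $sBody), $sSignatureB64);
} catch (RuntimeException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}

// Polling throttle: first call within a fresh interval passes, a second one 100 s later does not.
$sStateFile = sys_get_temp_dir() . '/news_last_poll.txt';
@unlink($sStateFile);
var_dump(shouldPollNewsServer($sStateFile, 3600, 1000000));
var_dump(shouldPollNewsServer($sStateFile, 3600, 1000100));
```

The browser relay changes nothing in `process()`: the only thing the endpoint must insist on is that the signature verifies against the public key it already has, which is exactly why leaking the signing secret key is the failure mode the concerns list singles out.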
In the current version only the public key of a signing key pair is shared with the customer (sodium-crypto-sign).
https://www.php.net/manual/en/function.sodium-crypto-sign-keypair.php
However, encoding the messages with a public key (on iTop) and sending them to the remote news server would use sodium-crypto-box. The length of these keys is different.
https://www.php.net/manual/en/function.sodium-crypto-box-keypair.php
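The sealed-box variant suggested in the concerns list for the instance hashes, and the key-size point made in the comment above, as an added example that is not iTop's or the news server's code. It assumes the news server publishes a second, separate crypto_box public key for sealed boxes alongside the signing key iTop already has; the `sealStatistics` and `openStatistics` helpers and the hash values are constructed placeholders. The printed sodium constants show where the two key types differ in size, and the URL-safe base64 encoding is chosen because a JSONP relay carries the data in a GET query string, where the length limit mentioned earlier applies.

```php
<?php
declare(strict_types=1);

// Added example (not iTop code). Assumed: the news server owns a crypto_box
// keypair distinct from its crypto_sign keypair, and only its box public key
// is configured on the iTop side.

// Public keys are the same size for both primitives; the secret keys are not,
// so a signing keypair cannot simply be reused as a box keypair.
printf("sign: pk=%d sk=%d bytes\n", SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES, SODIUM_CRYPTO_SIGN_SECRETKEYBYTES);
printf("box:  pk=%d sk=%d bytes, seal overhead=%d bytes\n",
    SODIUM_CRYPTO_BOX_PUBLICKEYBYTES, SODIUM_CRYPTO_BOX_SECRETKEYBYTES, SODIUM_CRYPTO_BOX_SEALBYTES);

/** iTop side: seal the statistics so only the holder of the box secret key can read them. */
function sealStatistics(array $aStats, string $sServerBoxPublicKey): string
{
    if (strlen($sServerBoxPublicKey) !== SODIUM_CRYPTO_BOX_PUBLICKEYBYTES) {
        throw new InvalidArgumentException('Not a crypto_box public key');
    }
    $sPlain = json_encode($aStats, JSON_THROW_ON_ERROR);
    // Sealed box: an ephemeral sender key is generated per message, so iTop
    // needs no secret of its own and no shared secret has to be provisioned.
    $sSealed = sodium_crypto_box_seal($sPlain, $sServerBoxPublicKey);
    return sodium_bin2base64($sSealed, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
}

/** News server side: open with the full keypair; null on tampering or wrong key. */
function openStatistics(string $sSealedB64, string $sServerBoxKeyPair): ?array
{
    try {
        $sSealed = sodium_base642bin($sSealedB64, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    } catch (SodiumException $e) {
        return null;
    }
    $sPlain = sodium_crypto_box_seal_open($sSealed, $sServerBoxKeyPair);
    if ($sPlain === false) {
        return null;
    }
    return json_decode($sPlain, true, 8, JSON_THROW_ON_ERROR);
}

// --- Constructed demo ---
$sServerBoxKeyPair = sodium_crypto_box_keypair();
$sServerBoxPublicKey = sodium_crypto_box_publickey($sServerBoxKeyPair);

$aStats = [
    'app_hash' => 'APP_HASH_PLACEHOLDER',   // placeholder, not a real instance hash
    'db_hash'  => 'DB_HASH_PLACEHOLDER',    // placeholder, not a real instance hash
    'read'     => [1, 2],
];

$sSealedB64 = sealStatistics($aStats, $sServerBoxPublicKey);
// Length matters for the JSONP path: 48 bytes of seal overhead plus base64 expansion.
printf("plain=%d bytes, sealed+base64=%d chars\n", strlen(json_encode($aStats)), strlen($sSealedB64));

$aOpened = openStatistics($sSealedB64, $sServerBoxKeyPair);
var_dump($aOpened === $aStats);

// Flipping one character of the relayed value makes the open fail closed.
$sTampered = substr_replace($sSealedB64, $sSealedB64[10] === 'A' ? 'B' : 'A', 10, 1);
var_dump(openStatistics($sTampered, $sServerBoxKeyPair) === null);
```

Because the sealed box is decrypted only with the news server's box keypair, the instance hashes stay opaque to anyone relaying or observing the request, which covers the one piece of the statistics the concerns list describes as sensitive.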