How secure are Raccoon and Rhizome?
It sounds like a cliche to say Rhizome was “designed with security in mind”, but since anyone can edit the behavior of the application itself and write executable code, I had no choice in the matter.

The current state of security: you can be reasonably assured that an unauthorized user can’t access underlying system resources or modify the data store, but you should assume that a user can read anything stored in the system (don’t worry, passwords are never stored). But bear in mind that Rhizome is an immature system that has not seen much real-world use.

The various security and authorization features of Rhizome include:

• Executable Python code will only be executed when its contents are whitelisted in the config setting authorizationDigests
• Access to the file system is generally limited to the directories on Raccoon’s path (see the PATH config setting)
• In all user contexts (with the exception of RxUpdate), each addition or removal of a statement from the store is authorized.
• An o