Quartz.net Scheduler 远程访问的安全性

Security around remote access for Quartz.net Scheduler
2021-11-25
  •  译文(汉语)
  •  原文(英语)

我们目前正在寻找一个调度应用程序来集成到我们的解决方案中.我们非常接近锁定 Quartz.net,但是有一个交易破坏者我无法在 Stackoverflow 或 Google 上找到任何解决方案.

问题在于通过 API 进行远程访问,例如:

NameValueCollection properties = new NameValueCollection();
properties["quartz.scheduler.instanceName"] = "instanceName";
properties["quartz.scheduler.proxy"] = "true";
properties["quartz.scheduler.proxy.address"] = "tcp://localhost:555/QuartzScheduler";

ISchedulerFactory sf = new StdSchedulerFactory(properties);
IScheduler sched = sf.GetScheduler();

我们目前了解到,任何用户都可以使用与上述类似的代码,然后使用调度程序实例来管理/更改/添加作业等.问题是,我们需要限制此访问(作为运行它的用户上下文)可以访问敏感信息).

在我们的理想情况下,我们希望锁定对指定用户的远程访问.这将允许授权用户从界面管理 Quartz.如果这是不可能的,那么我们将寻求锁定远程访问而不破坏从同一台机器访问 API 的能力的解决方案(缺点是用户需要登录服务器来管理石英).

如果我们是第一个有这个要求的组织,我会很惊讶,其他人是如何解决这个问题的?

解决过程1

简而言之,没有内置的身份验证/授权方案.

首先,即使恶意用户可以访问界面(如果人们怀有敌意,这对我来说似乎是一个不安全的网络),这个人也只能管理调度程序.因此,可以披露的信息是作业/触发器名称和组.用户可能会恶意触发运行编码不够健壮的作业,无法比最初预期的更频繁地运行.

外部方无法访问允许执行的作业,这包括连接字符串等或实际作业逻辑.外部方也无法添加更多服务器的 bin 目录中不存在的作业 - 因此作业被锁定,实际上不会发生任何意外.

确实想到的一件事是,用户可以使用参数安排本机作业,以对使用服务权限运行的系统进行有害操作.

解决这个问题的一种方法是使用简单的控制界面,如 Web 服务/Web 应用程序,它会处理权限等,并连接到 localhost 的 Windows 服务,否则该服务会受到防火墙保护.

We are currently looking for a scheduling application to integrate within our solution. We are very close to locking in Quartz.net, but there is one deal breaker that I cannot find any resolution for on either Stackoverflow or Google.

The issue is around remote access via the API, e.g:

NameValueCollection properties = new NameValueCollection();
properties["quartz.scheduler.instanceName"] = "instanceName";
properties["quartz.scheduler.proxy"] = "true";
properties["quartz.scheduler.proxy.address"] = "tcp://localhost:555/QuartzScheduler";

ISchedulerFactory sf = new StdSchedulerFactory(properties);
IScheduler sched = sf.GetScheduler();

We currently understand that any user could use code similar to the above, and then use the scheduler instance to manage / alter / add jobs, etc. The problem is, we would need to restrict this access (as the user context that this runs in has access to sensitive information).

In our ideal case we would like to lock down remote access to specified users. This would allow authorised users to manage Quartz from an interface. If this is not possible then we would be after a solution that locked down remote access without breaking the ability to access the API from the same machine (the drawback being users would need to log onto the server to administer quartz).

I'd be quite surprised if ours was the first organisation to have this requirement, how have others solved this problem?

Solutions1

In short there is no authentication/authorization scheme built-in.

First of all, even if malicious user could gain access to interface (seems like an unsafe network to me if people are hostile) this individual could only manage the scheduler. So the information that could be disclosed is job/trigger names and groups. User could maliciously trigger job to run that is not coded robust enough to survive running more often that initially expected.

The outside party could not gain access to what jobs are allowed to do, this includes the connection strings etc or actual job logic. Outside party would also be unable to add more jobs that are not present on server's bin directory - so the jobs are locked and no surprises could actually happen.

One single thing that does come to mind is that user could schedule native job with parameters to do something harmful on system running with services permissions.

One way to get around this is to have simple controlling interface like web service/web application that would take care of permissions etc and would connect to localhost's windows service that is otherwise firewalled.

转载于:https://stackoverflow.com/questions/15239354/security-around-remote-access-for-quartz-net-scheduler

本人是.net程序员,因为英语不行,使用工具翻译,希望对有需要的人有所帮助
如果本文质量不好,还请谅解,毕竟这些操作还是比较费时的,英语较好的可以看原文

留言回复
我们只提供高质量资源,素材,源码,坚持 下了就能用 原则,让客户花了钱觉得值
上班时间 : 周一至周五9:00-17:30 期待您的加入