REQ: More security, anyone?

Last week I put some effort into trying to persuade another developer to put more emphasis on security for a program that might spread around your financial data (BTW, telling people to run a program as admin is somewhat strange).

Now let's come to CafeTran. For Mac this issue is (at least, theoretically) non-existent, but for Linux and Windows it is. This topic is possibly related to this one, as having all settings in one folder would facilitate this move.

From a pragmatic point of view, this issue is less important than for financial apps, but from a rigorous point of view, the use of CafeTran for Windows or Linux might be a breach of NDAs and confidentiality agreements, as the executables are being or can be easily exposed to alteration (are they?).

Any comments or opinions on this? 

Maybe I am missing something, but I do not understand what the security/confidentiality/NDA breach threat is when running CT on GNU/Linux.

Eh, separation of executables and data?

This is the mantra of any -ixoid system. At least if you understand CafeTran as an executable program (and not only Java). See also here: "In Linux and Unix systems, the best practice is to install programs in a system directory (such as /usr/local/bin or /opt) rather than in a user directory (such as your home directory)."

Thank you tre.

I have limited experience with CafeTran in a system directory, as I have installed it within my user's directory.

The Projects folder can be set elsewhere (and memory/glossaries can be imported from anywhere else), but indeed, some other user (editable) data is still present in other CafeTran directories, so I guess it needs some tweaking to set the permissions right, etc. Changing permissions should also allow running CafeTran as a user (no root, no sudo, etc.), even if CT is located in a system directory (I would go for /opt myself).

In its current state, I consider and use CafeTran for Linux as a portable application (note: I also do this for OmegaT, although it can be installed through the package manager). Portable applications are typically installed in the user directory (~/Bin comes to mind, I use a custom directory myself) and all data is in one place.

Out of the box, this allows running CT with no need for admin rights and limits security concerns.

A desktop entry and a keyboard shortcut can also be created for easily launching CafeTran from its current location or the menu. 

In practice, since CT's user data are within CT's folder, the home folder is the best place to store CT.

CT could provide an installer that asks for admin rights and installs the program in the /opt folder, setting the appropriate permissions, etc. Some user preferences/data could be handled in a dot (hidden) folder within the user's directory, as is typical of native applications (and as is done in OmegaT). Alternatively, a visible CafeTran folder in the user directory (for storing data) could also do the trick.

So I second the idea of separating executables and data, although using CT as a portable Java app works fine for me right now.
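
Added example (not part of the thread and not CafeTran code): a small audit that lists which paths in a program tree a given account could modify, which is the exposure discussed above for a program kept in the user's own directory versus a tree the user does not own, such as a root-owned /opt install. The directory layout and file names are constructed for the demo and are assumptions, not CafeTran's real files.

```python
import os
import stat
import tempfile


def alterable_paths(root, uid, gids=()):
    """List paths under root that account `uid` (in groups `gids`) could modify.
    Owner and mode bits only (no ACLs). The owner always counts (can chmod);
    a writable directory counts because its entries can be replaced."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            if st.st_uid == uid:
                writable = True
            elif st.st_gid in gids:
                writable = bool(st.st_mode & stat.S_IWGRP)
            else:
                writable = bool(st.st_mode & stat.S_IWOTH)
            if writable:
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def build_sample(base):
    """Constructed demo layout: a program tree and a separate per-user data folder."""
    app = os.path.join(base, "opt", "app")      # hypothetical program directory
    data = os.path.join(base, "home", ".app")   # hypothetical hidden data folder
    os.makedirs(app)
    os.makedirs(data)
    for path, mode in [(os.path.join(app, "app.jar"), 0o644),
                       (os.path.join(app, "launch.sh"), 0o755),
                       (os.path.join(data, "prefs.xml"), 0o600)]:
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    os.chmod(app, 0o755)
    return app, data


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        app, data = build_sample(base)
        me = os.getuid()
        print("account owning the tree:", alterable_paths(app, me))
        print("account not owning it:  ", alterable_paths(app, me + 1))
```

An empty list for the account that runs the program is the result the separation of executables and data is aiming for; the per-user data folder is expected to stay writable by that account.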
