Indivo Auditing Beta 1
Auditing Proposal
Auditing will live in a middleware that is called after the Authentication and Authorization middleware.
This ordering ensures that auditing knows the principal and the view_func/view_(kw)args during processing.
When no principal is present we will not audit.
If principal is not None, we will record the requested_action and the server response to that action in the auditing table, along with any pertinent metadata such as datetime, request IP address, etc.
The proposed table will be broken down into four sections:
request
- req_view_func
- req_url
- req_datetime
- req_ip_address
- req_domain
- req_headers
- req_method
- record_id
- document_id
response
- resp_code
- resp_error_msg
- resp_server
- resp_headers
principal
- req_principal
- req_principal_type
About the Fields
Redundancy is built into the audit table so that as few assumptions as possible are made when investigating a request/response.
req_view_func: The view which corresponded to the request URL at the time the call was made.
req_url: The URL which is called, also in the req_headers.
req_datetime: The datetime at which the request was made.
req_ip_address: The IP address from which the request was made.
req_domain: The domain that corresponded to the IP address at the time the request was made. Retrieving the req_domain will add latency, so this option should be considered carefully.
req_headers: All request headers.
req_method: The HTTP method of the request.
record_id: The record_id which is being accessed or modified.
document_id: The document_id which is being accessed or modified.
resp_code: The server's HTTP response code.
resp_error_msg: The server's HTTP response body when resp_code is not 200.
resp_server: The server name. This is to anticipate multiple Indivo servers behind a load balancer.
resp_headers: All response headers.
req_principal: A foreign key to the principal table. The assumption is that a principal is never deleted; otherwise more information regarding the principal would have to be accounted for in the audit table.
req_principal_type: The principal's type at the time the request was made. This is added because the type of a principal may change.
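
A framework-free sketch of the proposed middleware, added here as an example and not Indivo's own code. It uses Django-style process_view/process_response hook signatures; the request.principal attribute, the principal's id and type attributes, the AUDIT_LOG list standing in for the audit table, and the handle() driver with its constructed request are all assumptions.

```python
import socket
from datetime import datetime, timezone
from types import SimpleNamespace

AUDIT_LOG = []  # assumption: stand-in for the audit table


class AuditMiddleware:
    """Installed after the authentication/authorization middleware."""

    def process_view(self, request, view_func, view_args, view_kwargs):
        principal = getattr(request, "principal", None)
        if principal is None:
            return None  # no principal: nothing is audited
        request.audit_row = {
            "req_view_func": view_func.__name__,
            "req_url": request.path,
            "req_datetime": datetime.now(timezone.utc),
            "req_ip_address": request.META.get("REMOTE_ADDR"),
            # req_domain is left out: a reverse lookup here adds latency per request
            "req_headers": {k: v for k, v in request.META.items() if k.startswith("HTTP_")},
            "req_method": request.method,
            "record_id": view_kwargs.get("record_id"),
            "document_id": view_kwargs.get("document_id"),
            "req_principal": principal.id,
            "req_principal_type": principal.type,  # copied: the type may change later
        }

    def process_response(self, request, response):
        row = getattr(request, "audit_row", None)
        if row is not None:
            row["resp_code"] = response.status_code
            # The body is kept only for non-200 responses, per the field definition.
            row["resp_error_msg"] = response.content if response.status_code != 200 else None
            row["resp_server"] = socket.gethostname()
            row["resp_headers"] = dict(response.headers)
            AUDIT_LOG.append(row)
        return response


def handle(principal, status, body):
    """Drive one constructed request through both hooks, in middleware call order."""
    def record_view(request, record_id): pass  # hypothetical view
    request = SimpleNamespace(principal=principal, path="/records/r1", method="GET",
                              META={"REMOTE_ADDR": "192.0.2.10", "HTTP_HOST": "indivo.example"})
    response = SimpleNamespace(status_code=status, content=body, headers={"Content-Type": "text/plain"})
    mw = AuditMiddleware()
    mw.process_view(request, record_view, (), {"record_id": "r1"})
    return mw.process_response(request, response)
```
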
