Unverified Commit e7c6d3d2 authored by anarcat

some discussion notes on the project

parent 28bfc6c8
......@@ -288,15 +288,10 @@ infrastructure. It can also be used to perform an audit on the current implement
## Overview
<!-- describe the overall project. should include a link to a ticket -->
<!-- that has a launch checklist -->
<!-- if this is an old project being documented, summarize the known -->
<!-- issues with the project. to quote the "audit procedure":
5. When was the last security review done on the project? What was
the outcome? Are there any security issues currently? Should it
have another security review?
TODO:
6. When was the last risk assessment done? Something that would cover
risks from the data stored, the access required, etc.
......@@ -309,6 +304,30 @@ infrastructure. It can also be used to perform an audit on the current implement
-->
The CiviCRM deployment is complex and feels a bit brittle. The
separation between the CiviCRM backend and the middleware API evolved
from an initial strict, two-server setup, into the current three-parts
component after the static site frontend was added around 2020. The
original two-server separation was performed out of a concern for
security: we were worried about exposing CiviCRM to the public,
because we felt the attack surface of both Drupal and CiviCRM was too
wide to be reasonably defended against a determined attacker.
The downside is, obviously, a lot of complexity, which also makes the
service more fragile. The Redis monitoring, for example, was added
after we discovered the `ipsec` tunnel would sometimes fail, which
would completely break donations.
Obviously, if either the donation middleware or CiviCRM fails,
donations go down as well, so we have actually two single point of
failures in that design.
A security review should probably be performed to make sure React,
Drupal, its modules, CiviCRM, and other dependencies, are all up to
date. Other components like Apache, Redis, or MariaDB are managed
through Debian package, and supported by the Debian security team, so
should be fairly up to date, in terms of security issues.
TODO: clarify which versions of CiviCRM, Drupal, Yarn, NVM, PHP,
Redis, and who knows what else are deployed, and whether it matters.
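Review bot: in the security review paragraph, "managed through Debian package, and supported by the Debian security team, so should be fairly up to date" only holds if security updates are actually installed on these hosts, which the text does not say. State how upgrades get applied there, or add Apache, Redis and MariaDB to the version TODO that follows so they are checked along with CiviCRM and Drupal. The paragraph also leaves the audit question quoted in the template comment unanswered (when the last security review was done and what its outcome was); say so explicitly, even if the answer is that none has been done. The closing TODO ends on "and whether it matters", which gives no criterion; naming what would make a version matter (for example, no longer receiving security fixes upstream) would make it actionable. Minor: "two single point of failures" should read "two single points of failure".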