I’m starting work on a backend that I intend to contribute, which will enable “Notes” for those who are using IMAP and Davical today (which works for everything except notes.)
The existing “combined” back-end solutions that support “all of it” are Linux-slanted and I run FreeBSD around here, and also hate MySQL with a white-hot passion for a host of reasons. I’m more-or-less forced to use it for Cacti but that’s the only reason I have a mysqld running at all, and some day I’ll re-implement its calls to talk Postgres instead.
What I run here now is IMAP for email (Postfix/Dovecot) and Davical (CalDAV and CardDAV) for calendars/tasks and contacts, respectively. Both take and verify authentication and both are multi-protocol – they serve Exchange clients via Z-push and are also connected to directly (e.g. by Thunderbird on PCs.) That leaves notes unimplemented and Evernote keeps tightening the screws on license demands. It would be nice to have support for Notes for mobile devices, in other words, so my middle finger can go up toward the Evernote people. My personal mobile is a BlackBerry DTEK60 which has a Notes client, but as it stands right now it can’t talk to Z-push.
The intent thus is for a backend that is only really useful in the context of someone using Davical and an IMAP server (probably Dovecot.) While I could certainly have the PHP code for the backend make a socket call to a daemon, and have the daemon do the talking to the database (and initialize with privileges, authenticate and then drop them), I can also have the PHP backend code hit Postgres directly, but if I do that I have no way to interface with the system’s authentication mechanisms since Z-push is not running as root and thus can’t check passwords.
If I’m going to implement something with scope beyond Z-push then it’s awfully tempting to simply use the filesystem directory structure and stick a dot directory under the user’s home for “Notes”; if the underlying process has privilege it can authenticate, setuid() to that user and then work that way. On a system running ZFS (which my systems do) this has myriad advantages including the ability of the admin to set up time-based rolling snapshots which makes accidental deletes a non-event. However, that means bugs in that code are an underlying system security risk to the system as a whole.
So my thought process at this point is to not do that, but instead implement a backend that can sync notes tied to a Postgres database via PHP’s interface. In turn that led me to question whether that new backend actually needs to validate passwords (because if it does then it either has to call something on the system that can do that, such as IMAP, or I have to write code outside of Z-push’s PHP that has privilege, does that, and then drops same, which involves implementing an entire second layer that is otherwise not necessary.) If it doesn’t need to validate passwords because in order to actually pass data the other backends have already done so (and “cleared” the presented user’s credentials) then that layer can be omitted and yet in the context of Z-push it remains secure (well, at least as secure as is the other backend’s authentication, such as Dovecot or whatever.)
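The “call something on the system that can do that, such as IMAP” branch above is the one that needs no privilege at all: an unprivileged process can open a connection to Dovecot, attempt a LOGIN with the presented credentials, and treat anything other than a tagged OK as a failed check. The following is an added example illustrating that delegation; it is not Z-push code and not the author’s. It is written in Python rather than Z-push’s PHP so that it runs stand-alone: the toy IMAP server, the FAKE_ACCOUNTS table, and the loopback host/port are all constructed for the demo, and a real deployment would point verify_via_imap() at Dovecot instead.

```python
"""Check a password by asking the IMAP server to accept a LOGIN, so an
unprivileged backend never needs root to read the system password database.
Added example, not Z-push or the author's code; the toy IMAP server exists
only to exercise the client offline."""
import hmac
import imaplib
import shlex
import socketserver
import threading

# Constructed accounts for the toy server; a real deployment talks to Dovecot.
FAKE_ACCOUNTS = {"alice": "correct horse", "bob": 'say "hi"'}


def verify_via_imap(host, port, user, password):
    """True only if the server answers LOGIN with OK; everything else fails closed.
    Against real Dovecot use imaplib.IMAP4_SSL or loopback: plaintext LOGIN on an
    unsecured network connection is refused by default."""
    conn = None
    try:
        conn = imaplib.IMAP4(host, port, timeout=5)
        conn.login(user, password)  # raises IMAP4.error on a NO/BAD reply
        ok = True
    except (imaplib.IMAP4.error, OSError):  # refused, timeout, protocol junk
        ok = False
    if conn is not None:
        try:
            conn.logout()
        except (imaplib.IMAP4.error, OSError):
            pass
    return ok


def _parse_login_args(rest):
    """Split 'user "pass"' into (user, pass).  shlex's POSIX rules match IMAP
    quoted strings here: inside "..." a backslash escapes only " and \\."""
    try:
        tokens = shlex.split(rest)
    except ValueError:  # unbalanced quotes
        return None, None
    return tuple(tokens) if len(tokens) == 2 else (None, None)


class _ToyIMAPHandler(socketserver.StreamRequestHandler):
    """Just enough IMAP (greeting, CAPABILITY, LOGIN, LOGOUT) for the demo."""
    def _send(self, text):
        self.wfile.write((text + "\r\n").encode())

    def handle(self):
        self._send("* OK toy IMAP ready")
        while True:
            raw = self.rfile.readline()
            if not raw:
                return  # client went away
            parts = raw.decode("utf-8", "replace").rstrip("\r\n").split(" ", 2)
            tag = parts[0]
            cmd = parts[1].upper() if len(parts) > 1 else ""
            rest = parts[2] if len(parts) == 3 else ""
            if cmd == "CAPABILITY":  # imaplib asks for this right after the greeting
                self._send("* CAPABILITY IMAP4rev1")
                self._send(f"{tag} OK CAPABILITY completed")
            elif cmd == "LOGIN":
                user, password = _parse_login_args(rest)
                good = user in FAKE_ACCOUNTS and hmac.compare_digest(
                    FAKE_ACCOUNTS[user].encode(), password.encode())
                self._send(f"{tag} OK LOGIN completed" if good else f"{tag} NO LOGIN failed")
            elif cmd == "LOGOUT":
                self._send("* BYE toy IMAP closing")
                self._send(f"{tag} OK LOGOUT completed")
                return
            else:
                self._send(f"{tag} BAD unsupported command")


def start_toy_imap_server():
    """Serve the toy IMAP on a free loopback port; returns (port, server)."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _ToyIMAPHandler)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1], srv


def demo():
    """Good, wrong, quoted and unknown credentials, then a port with nobody listening."""
    port, srv = start_toy_imap_server()
    try:
        results = {
            "alice/good": verify_via_imap("127.0.0.1", port, "alice", "correct horse"),
            "alice/bad": verify_via_imap("127.0.0.1", port, "alice", "wrong"),
            "bob/quoted": verify_via_imap("127.0.0.1", port, "bob", 'say "hi"'),
            "nobody": verify_via_imap("127.0.0.1", port, "mallory", "hunter2"),
        }
    finally:
        srv.shutdown()
        srv.server_close()
    results["server_down"] = verify_via_imap("127.0.0.1", port, "alice", "correct horse")
    return results
```

In PHP the same handshake is a few lines over fsockopen() or a single imap_open() call, and it costs a full IMAP login per check, so cache the result per session the way Z-push’s own state handling allows rather than re-verifying on every sync request. Note also that the “server_down” case returning False is the property to preserve: a check that errors into “accepted” would let Dovecot being down become a bypass. The alternative the paragraph above prefers, skipping the check because another backend in the combined setup has already cleared the credentials, is only as good as the guarantee that the notes backend is never reachable except behind that combined Logon.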