Datastore connections need to be separated out - I wouldn't think that
these are rest-config issues - they are deploy time settings - so the
administrator with the rights to establish the service is in control of
what it connects to.

Having to bundle db configs in shared (version controlled)
configurations is always a major pain with trying to establish
distributed geoserver networks.

NB connecting to static files might be more relaxed - but there might
be issues with allowing cascading too.

Rob

On Wed, May 5, 2010 at 4:10 PM, Andrea Aime <aa...@opengeo.org> wrote:
> Rob Atkinson wrote:
>>
>> Have to be pretty careful rest config doesn't open SQL injection attack
>> paths of course :-)
>
> Well, RESTConfig can do worse, the datastore config contains all you need
> to access a database. That's why we request the user to be an admin,
> but out of the box is not enough, it should also be protected by HTTPS
> (afaik now that has to be done through a proxy).
>
>
> Cheers
> Andrea
>
>
> --
> Andrea Aime
> OpenGeo - http://opengeo.org
> Expert service straight from the developers.
>

------------------------------------------------------------------------------
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
