On Thu, Dec 22, 2016 at 2:23 PM, Justin Deoliveira <jdeol...@gmail.com>
wrote:
> Thanks for the feedback Andrea. Comments inline.
>
>> Now you are getting me a bit worried... maybe it's nothing, but the
>> request objects were not designed to be returned back to the users,
>> depending on how deep you go dumping them, you might end up revealing
>> information that the admin does not want to be seen, such as for example
>> the security filters being applied by something like GeoFence, or the
>> datastore connection parameters (ok, that would be quite the deep scan in
>> the object tree, but in the end all the info is actually linked and
>> reachable from a GetMapRequest object for example).
>> In other words, is it something that one would want to always have and
>> would come with sane restriction to avoid leaking information, something
>> allowed only to admins, something that it's core vs a plugin?
>>
>>
> Good point. What if we made it an explicit “opt-in” enabled only via
> configuration or a system property, etc…
>
> Another option could be to simply redact sensitive information when the
> user isn’t the admin… Or do you think there are too many cases of sensitive
> properties to handle?
>
Hard to tell.. like, would it be ok to stop at any found catalog related
information and just return its name instead of its details, which could
reveal
security restrictions (e.g., SecuredFeatureTypeInfo) ?
>
> Fwiw I wasn’t planning on traversing the object deep enough to get down to
> anything like data store connection information. Just
>
I was thinking you'd have allowed a user requestable expansion level like
in the importer REST API.
In general, depending on the protocol involved and the request structure
(which might change over time) you might need
to modify how deep you go. I believe at one time we expanded the expansion
level in the logger to get more useful WPS information
for example
Cheers
Andrea
--
==
GeoServer Professional Services from the experts! Visit
http://goo.gl/it488V for more information.
==
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
*AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo
messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del messaggio
stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
utilizzarlo per finalità diverse, costituisce comportamento contrario ai
principi dettati dal D.Lgs. 196/2003.
The information in this message and/or attachments, is intended solely for
the attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act
(Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
Code).Any use not in accord with its purpose, any disclosure, reproduction,
copying, distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please contact
immediately the sender by telephone, fax or e-mail and delete the
information in this message that has been received in error. The sender
does not give any warranty or accept liability as the content, accuracy or
completeness of sent messages and accepts no responsibility for changes
made after they were sent or for other risks which arise as a result of
e-mail transmission, viruses, etc.
-------------------------------------------------------
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/intel
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
