On Thu, Dec 22, 2016 at 9:27 AM Andrea Aime <andrea.a...@geo-solutions.it>
wrote:

> On Thu, Dec 22, 2016 at 2:23 PM, Justin Deoliveira <jdeol...@gmail.com>
> wrote:
>
> Thanks for the feedback Andrea. Comments inline.
>
> Now you are getting me a bit worried... maybe it's nothing, but the
> request objects were not designed to be returned back to the users,
> depending on how deep you go dumping them, you might end up revealing
> information that the admin does not want to be seen, such as for example
> the security filters being applied by something like GeoFence, or the
> datastore connection parameters (ok, that would be quite the deep scan in
> the object tree, but in the end all the info is actually linked and
> reachable from a GetMapRequest object for example).
>
> In other words, is it something that one would want to always have and
> would come with sane restriction to avoid leaking information, something
> allowed only to admins, something that it's core vs a plugin?
>
> Good point. What if we made it an explicit “opt-in” enabled only via
> configuration or a system property, etc…
>
> Another option could be to simply redact sensitive information when the
> user isn’t the admin… Or do you think there are too many cases of sensitive
> properties to handle?
>
>
> Hard to tell... like, would it be ok to stop at any found catalog related
> information and just return its name instead of its details, which could
> reveal security restrictions (e.g., SecuredFeatureTypeInfo)?
>

In my immediate case yes, and I would say in general yes. The point of the
call is not to provide a full dump of the request properties, more just to
provide a representation of what the request will do. I think that for
catalog objects, geotools objects… just displaying a name or id is enough
to do that without providing anything deeper, which as you pointed out can
definitely contain sensitive information.

>
> Fwiw I wasn’t planning on traversing the object deep enough to get down to
> anything like data store connection information. Just
>
>
> I was thinking you'd have allowed a user requestable expansion level like
> in the importer REST API.
> In general, depending on the protocol involved and the request structure
> (which might change over time) you might need to modify how deep you go. I
> believe at one time we expanded the expansion level in the logger to get
> more useful WPS information, for example.
>

Yeah, I was thinking the same, allow “depth” to be specified in the request
with a conservative default value.

Thanks for all the feedback. I think at this point I have enough to start
working on the code. I'll report back when I have something more concrete
working and we can continue the discussion with a patch to look at. However,
if there are any more concerns I am happy to keep discussing now.

Happy holidays!

-Justin

>
> Cheers
> Andrea
>
> --
> ==
> GeoServer Professional Services from the experts! Visit
> http://goo.gl/it488V for more information.
> ==
>
> Ing. Andrea Aime
> @geowolf
> Technical Lead
>
> GeoSolutions S.A.S.
> Via di Montramito 3/A
> 55054  Massarosa (LU)
> phone: +39 0584 962313
> fax: +39 0584 1660272
> mob: +39 339 8844549
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
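The approach settled on above (cut the dump at any catalog object and return only its name, with a caller-chosen depth and a conservative default), as an added Python illustration that is not part of this thread or of GeoServer; the class names, field names and sample values are constructed.

```python
from dataclasses import dataclass, fields, is_dataclass
from typing import Any

DEFAULT_DEPTH = 1  # conservative default; the caller must ask for more
MAX_DEPTH = 4      # hard ceiling, whatever the caller requests

class CatalogInfo:  # hypothetical marker for catalog-backed objects
    name: str

@dataclass
class DataStoreInfo(CatalogInfo):
    name: str
    connection_parameters: dict  # e.g. host and password: must never be dumped

@dataclass
class SecuredFeatureTypeInfo(CatalogInfo):
    name: str
    store: DataStoreInfo
    security_filter: str  # e.g. a per-user GeoFence restriction

@dataclass
class GetMapRequest:
    layers: list
    bbox: tuple
    format: str

def dump(obj: Any, depth: int = DEFAULT_DEPTH) -> Any:
    """JSON-like view of obj, cut at the depth budget and at catalog objects."""
    depth = min(depth, MAX_DEPTH)
    if isinstance(obj, CatalogInfo):        # checked first: depth cannot override it
        return obj.name
    if obj is None or isinstance(obj, (str, int, float, bool)):
        return obj
    if isinstance(obj, (list, tuple)):      # sequences do not consume depth
        return [dump(v, depth) for v in obj]
    if depth <= 0:                          # budget spent: name the type only
        return type(obj).__name__
    if isinstance(obj, dict):
        return {k: dump(v, depth - 1) for k, v in obj.items()}
    if is_dataclass(obj):
        return {f.name: dump(getattr(obj, f.name), depth - 1) for f in fields(obj)}
    return type(obj).__name__               # unknown object: never introspected

def sample_request() -> GetMapRequest:
    """Constructed request whose layer leads to a store holding a password."""
    store = DataStoreInfo("postgis", {"host": "db.internal", "passwd": "s3cret"})
    roads = SecuredFeatureTypeInfo("roads", store, "owner = 'alice'")
    return GetMapRequest([roads], (-180, -90, 180, 90), "image/png")
```

Because the catalog check runs before the depth check, even a caller who asks for the maximum depth only ever sees layer names, never the store's connection parameters or the security filter behind the layer.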
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel