Hi Christian,

I thought this issue was addressed previously with the idea of a constant
filter chain, one that the user could not take away through
misconfiguration. Is that not the case?

The idea sounds reasonable but I want to make sure I understand the issue.

-Justin




On Thu, Aug 8, 2013 at 9:43 AM, Christian Mueller <
christian.muel...@os-solutions.at> wrote:

>
> The issue is about disabling the login page if no form based login is
> possible.
>
> https://jira.codehaus.org/browse/GEOS-5958
>
> All these security configuration issues may be dangerous if a
> configuration error happens. At the end of the day, the admin can lock
> itself out.
>
> IMHO, a dedicated login for the root user with the master password should
> always be possible. (The "root" user has administrative privileges).
>
> My idea:
>
> - Add a special filter chain /web/rootlogin (checked before /web/**)
> - Force digest authentication, no GUI needed, the browser pops up a login
> box
> - Upon success, redirect the request to /web/
>
> This is quite a simple solution and helps fix GEOS-5958. Additionally,
> I can remove a lot of code concerning the root login in the individual
> authentication filters and test cases.
>
> Opinions?
>
>
>
> --
> DI Christian Mueller MSc (GIS), MSc (IT-Security)
> OSS Open Source Solutions GmbH
>
>
>
> _______________________________________________
> GeoTools-Devel mailing list
> GeoTools-Devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geotools-devel
>
>


-- 
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.