Dear All,
I would like to submit the following GSIP:
https://github.com/geoserver/geoserver/wiki/GSIP-189

*Some Background and Context:*

GeoTools and GeoServer make a lot of HTTP calls, internally and externally,
for different purposes, which include:

   - Downloading Schemas
   - Requesting Online Images and Resources
   - Loading remote SLDs
   - Working with remote OGC servers
   - Other misc. calls that involve accessing resources outside the Data
   Directory


In some production environments this can be seen as a potential security
loophole where developers/users have no way of controlling what is being
accessed. Hence a new interface is proposed to implement URL validation
before making the HTTP call.

GeoServer will receive its de-facto implementation of this interface, in
which URLs will be validated through regex expressions configured through
the Web Admin interface. By default GeoServer will have a number of known
URLs allowed (e.g. OGC Schema URLs, etc.).

Complete details are included in the proposal. Looking forward to
everyone's feedback.


regards,
Imran
_______________________________________________
GeoTools-Devel mailing list
GeoTools-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geotools-devel
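
The regex allow-list check described in the message above, sketched as an added example (not code from the proposal or from GeoServer/GeoTools). The class name `UrlAllowListDemo`, the method `isAllowed`, the patterns and the sample locations are all assumptions constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Added illustration; class and method names are hypothetical, not the GSIP-189 API.
public class UrlAllowListDemo {
    private final List<Pattern> allowed = new ArrayList<>();

    UrlAllowListDemo(List<String> regexes) {
        for (String r : regexes) allowed.add(Pattern.compile(r));
    }

    /** True only if the normalized location is matched in full by a configured regex. */
    boolean isAllowed(String location) {
        String normalized;
        try {
            // Resolve "." and ".." segments first so the regex sees the path actually requested.
            normalized = new URI(location).normalize().toString();
        } catch (URISyntaxException e) {
            return false; // fail closed on anything that does not parse
        }
        for (Pattern p : allowed) {
            // matches() requires the whole string to match; find() would accept a substring.
            if (p.matcher(normalized).matches()) return true;
        }
        return false; // default deny
    }

    public static void main(String[] args) {
        // Constructed allow-list: one OGC schema host, one placeholder style directory.
        UrlAllowListDemo checker = new UrlAllowListDemo(List.of(
                "https?://schemas\\.opengis\\.net/.*",
                "https://maps\\.example\\.org/styles/.*"));
        // Constructed sample locations.
        String[] samples = {
            "http://schemas.opengis.net/wfs/1.1.0/wfs.xsd",            // allowed
            "https://maps.example.org/styles/roads.sld",               // allowed
            "http://schemas.opengis.net.example.org/wfs.xsd",          // look-alike host
            "https://maps.example.org/styles/../admin/config.xml",     // leaves the allowed directory
            "http://other.example.org/?u=http://schemas.opengis.net/", // prefix only in query
            "file:///tmp/style.sld",                                   // scheme not listed
        };
        for (String s : samples)
            System.out.println((checker.isAllowed(s) ? "ALLOW " : "DENY  ") + s);
    }
}
```

The trailing `/` after the host in each pattern is what rejects the look-alike host; a pattern that ends at the host name would accept it.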