Re: [QGIS-Developer] Enhancing QGIS Development and Security Features Proposition

[Régis Haubourg via QGIS-Developer]

Hi Rhea,
Adding some points to the very good answers above.

QGIS is already deployed in very security sensitive organizations and has
been assessed against vulnerabilities. I obviously can't list them publicly
here. Some are public, like the NSA, that even publishes some plugins, but
also funded some parts of the authentication system.

Its desktop component stays however a generic desktop tool, and as such
will be able to interact with the OS it is installed on. Just like blender
or FME or Arcxx that also have python scripting.
I have seen deployment in sanboxes through virtualization tools that can
help too. Like QGIS served through web streaming or as a remote app (
VMware stuff or vnc or similar stuff)

There are several ways of addressing your concerns in QGIS itself.  Most
will rely on creating a specific configuration for your organisation. You
will be able to deploy a preconfigured QGIS that can almost handle all this

 A few examples

- configure QGIS with a dedicated user agent name and have the IT team
filter the trafic they allow using their firewall
- audit the plugins you will use and ship them with your install packages,
or deploy an internal repository
- use the awesome "constrained settings" script funded by a french ministry
to prevent users from drifting away from this configuration
- you can customize the UI so that average user just can't launch the
python console. Any advanced user will be able to circumvent this, but it's
a good start.
-if you are really into security, don't focus on your customer's fears, but
on the real criticity of a GIS infrastructure.  Securing the data source
connections, configuring mandatory encrypted keyrings is often the weakest
part. Python scripting capabilities us present in most software.and must be
secured by the OS and the IT. You can secure QGIS and have user send QGIS
projects by mail with plain text credentials if you don't handle this. This
should fear your customer more than potential python scripts.


Another point. I have seen over constrained QGIS based deployments for
"security reasons" .  They showed  up some side effects:
- user were too constrained, when GIS work supposes to be able to handle
quite complex tools (SQL queries, cli tools, heavy geospatial computing).
They were so locked that they ended up in really trying shadow IT
solutions.
- the configuration work was too heavy and done as a one time project.  the
IT department could not follow the security updates of QGIS and it's
dependencies , leading to severely outdated software in production.
Security is also a matter of being able to update frequently to fix
vulnerabilities, which we offer in every monthly release.


I've conducted a few of such enterprise wide deployment and I confirm you
that you can find professional support in the commercial companies that
provides such services. You can find them listed on our website.
(Disclaimer, I have no direct interest here and speak as a steering
committee member)

Best regards , and let us know how it goes

Régis




Le ven. 3 nov. 2023, 10:11, B. De Mezzo via QGIS-Developer <
qgis-developer@lists.osgeo.org> a écrit :

> Hi Rhea,
>
> same as Johannes "I am in no way able to officially answer but maybe I
> can give some thoughts and rhetoric questions":
>
> * QGIS is not designed to handle such security restrictions, it is not
> its purpose
>
> * the best way, IMHO, is to limit its network accesses by using
> dedicated security software as selinux for linux or advanced firewall
> configuration for windows
>
> * the best to discuss these features is "to create QGIS Enhancement
> Proposals at https://github.com/qgis/QGIS-Enhancement-Proposals/issues.;
>
> Regards.
>
> Le 03/11/2023 à 09:35, Johannes Kröger (WhereGroup) via QGIS-Developer a
> écrit :
> > Hi Rhea,
> >
> > I am in no way able to officially answer but maybe I can give some
> > thoughts and rhetoric questions:
> >
> > To me those improvements sound like good ideas. I am not sure how far
> > you could lock down Python extensibility considering the existing API.
> > And I am not sure if you are aware of the many ways that a QGIS
> > environment might use network calls, e.g. a tool like Proj might
> > download grids from the internet in some cases, GDAL might try to
> > fetch schemas specified in local files, etc. Sandboxing the system
> > from the outside is probably much easier and secure.
> >
> > Are those 40 extensions existing extensions? Are you aware that you
> > can strip out the official repository and use your own instead?
> >
> > It would probably be best to create QGIS Enhancement Proposals at
> > https://github.com/qgis/QGIS-Enhancement-Proposals/issues.
> >
> > And it would be good to proof commitment to maintaining the new
> > features in some way or enter the sustaining membership program with
> > significant, recurring contributions so that other developers paid by
> > the QGIS project can maintain them.
> >
> > Cheers, Hannes
> > 

Re: [QGIS-Developer] QGIS Full Stack Web Developer Report

[Lova Andriarimalala via QGIS-Developer]

Hello everyone,

Please find below the report summarizing the progress on the feed site 
development for this week.

PRs open:

  *   Add web page UI on the root URL

PR merged:

  *   Using rich editor for content, check data 
validity

Still working on:

  *   Some checks and fixes on the 
entirety

Have a great weekend,
Lova

—

[image.png]

Lova Andriarimalala

QGIS Full Stack Web Developer

Visit http://kartoza.com to find out about open source:

* Desktop GIS programming services

* Geospatial web development

* GIS Training

* Consulting Services

Office: +261(0)34 09 524 73



From: Lova Andriarimalala 
Date: Friday, 27 October 2023 at 4:53 PM
To: qgis-developer@lists.osgeo.org 
Subject: Re: QGIS Full Stack Web Developer Report

Hello everyone,

I'm grateful for your warm welcome, and I'm truly thrilled to join this 
wonderful community.
Here is the report summarizing the progress on the feed site development for 
this week.
PRs open:

 *   Form submission management

PR merged:

 *   Feeds list page with filter and 
sorting
 *   Feed item form with preview
 *   Feed form review step
 *   Implement webpack and use it for Bulma 
CSS

Still working on:

 *   Improve feed item form: Check data 
validity

Have a great weekend,
Lova


—

[image.png]

Lova Andriarimalala

QGIS Full Stack Web Developer

Visit http://kartoza.com to find out about open source:

* Desktop GIS programming services

* Geospatial web development

* GIS Training

* Consulting Services

Office: +261(0)34 09 524 73



From: Lova Andriarimalala 
Date: Friday, 20 October 2023 at 2:54 PM
To: qgis-developer@lists.osgeo.org 
Subject: QGIS Full Stack Web Developer Report

Hello everyone,

Currently, I am working on the website that administers the feeds displayed in 
the news area of QGIS. The website's repository is available on GitHub: 
https://github.com/qgis/qgis-feed

Please find below the report for the past two weeks.
PRs open:

 *   Feeds list page with filter and 
sorting
 *   Feed item form with preview
 *   Feed form review step

PR merged:

 *   Create a login page, add test cases, configure GH 
actions

Still working on:

 *   Use web pack for bulma CSS

Please do not hesitate to provide any feedback regarding the report structure 
or layout. Your suggestions are highly appreciated, as they will enable us to 
improve the report's quality and readability. Thank you for taking the time to 
review the report.

Have a great weekend,
Lova

—

[image.png]

Lova Andriarimalala

QGIS Full Stack Web Developer

Visit http://kartoza.com to find out about open source:

* Desktop GIS programming services

* Geospatial web development

* GIS Training

* Consulting Services

Office: +261(0)34 09 524 73



___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

Re: [QGIS-Developer] Enhancing QGIS Development and Security Features Proposition

[B. De Mezzo via QGIS-Developer]

Hi Rhea,

same as Johannes "I am in no way able to officially answer but maybe I 
can give some thoughts and rhetoric questions":


* QGIS is not designed to handle such security restrictions, it is not 
its purpose


* the best way, IMHO, is to limit its network accesses by using 
dedicated security software as selinux for linux or advanced firewall 
configuration for windows


* the best to discuss these features is "to create QGIS Enhancement 
Proposals at https://github.com/qgis/QGIS-Enhancement-Proposals/issues.;


Regards.

Le 03/11/2023 à 09:35, Johannes Kröger (WhereGroup) via QGIS-Developer a 
écrit :

Hi Rhea,

I am in no way able to officially answer but maybe I can give some 
thoughts and rhetoric questions:


To me those improvements sound like good ideas. I am not sure how far 
you could lock down Python extensibility considering the existing API. 
And I am not sure if you are aware of the many ways that a QGIS 
environment might use network calls, e.g. a tool like Proj might 
download grids from the internet in some cases, GDAL might try to 
fetch schemas specified in local files, etc. Sandboxing the system 
from the outside is probably much easier and secure.


Are those 40 extensions existing extensions? Are you aware that you 
can strip out the official repository and use your own instead?


It would probably be best to create QGIS Enhancement Proposals at 
https://github.com/qgis/QGIS-Enhancement-Proposals/issues.


And it would be good to proof commitment to maintaining the new 
features in some way or enter the sustaining membership program with 
significant, recurring contributions so that other developers paid by 
the QGIS project can maintain them.


Cheers, Hannes
___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer


OpenPGP_signature.asc
Description: OpenPGP digital signature
___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

Re: [QGIS-Developer] Enhancing QGIS Development and Security Features Proposition

[Even Rouault via QGIS-Developer]

Rhea,


 *

- Proposition would be a feature that allows users to limit Python
console functionality based on their needs.

If you have in mind to limit the set of functionality available in the 
Python console, that's not technically doable, at least with the CPython 
interpreter. All you can do is to not provide any access at all to the 
Python console. Python isn't a "safe" language, that is a sufficiently 
willing user can do arbitrary things, including crashing itself with 
just core functionality:


$ python -c "exec(type((lambda: 0).__code__)(0, 0, 0, 0, 0, 0, b'\x053', 
(), (), (), '', '', 0, b''))"

Segmentation fault (core dumped)

cf 
https://stackoverflow.com/questions/42544487/how-can-i-cause-python-3-5-to-crash


People have tried sandboxing Python many times, but under careful 
examinations, all attempts fail at some point.


Even

--
http://www.spatialys.com
My software is free, but my time generally not.
___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

Re: [QGIS-Developer] Enhancing QGIS Development and Security Features Proposition

[Rhea via QGIS-Developer]

Hi Johannes,

Thank you a lot for your return, appreciated ! 

Best,
Rhea

> On 3 Nov 2023, at 9:35 AM, Johannes Kröger (WhereGroup) via QGIS-Developer 
>  wrote:
> 
> Hi Rhea,
> 
> I am in no way able to officially answer but maybe I can give some thoughts 
> and rhetoric questions:
> 
> To me those improvements sound like good ideas. I am not sure how far you 
> could lock down Python extensibility considering the existing API. And I am 
> not sure if you are aware of the many ways that a QGIS environment might use 
> network calls, e.g. a tool like Proj might download grids from the internet 
> in some cases, GDAL might try to fetch schemas specified in local files, etc. 
> Sandboxing the system from the outside is probably much easier and secure.
> 
> Are those 40 extensions existing extensions? Are you aware that you can strip 
> out the official repository and use your own instead?
> 
> It would probably be best to create QGIS Enhancement Proposals at 
> https://github.com/qgis/QGIS-Enhancement-Proposals/issues.
> 
> And it would be good to proof commitment to maintaining the new features in 
> some way or enter the sustaining membership program with significant, 
> recurring contributions so that other developers paid by the QGIS project can 
> maintain them.
> 
> Cheers, Hannes
> ___
> QGIS-Developer mailing list
> QGIS-Developer@lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

Re: [QGIS-Developer] Enhancing QGIS Development and Security Features Proposition

[WhereGroup]

Hi Rhea,

I am in no way able to officially answer but maybe I can give some 
thoughts and rhetoric questions:


To me those improvements sound like good ideas. I am not sure how far 
you could lock down Python extensibility considering the existing API. 
And I am not sure if you are aware of the many ways that a QGIS 
environment might use network calls, e.g. a tool like Proj might 
download grids from the internet in some cases, GDAL might try to fetch 
schemas specified in local files, etc. Sandboxing the system from the 
outside is probably much easier and secure.


Are those 40 extensions existing extensions? Are you aware that you can 
strip out the official repository and use your own instead?


It would probably be best to create QGIS Enhancement Proposals at 
https://github.com/qgis/QGIS-Enhancement-Proposals/issues.


And it would be good to proof commitment to maintaining the new features 
in some way or enter the sustaining membership program with significant, 
recurring contributions so that other developers paid by the QGIS 
project can maintain them.


Cheers, Hannes
___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer