Re: [QGIS-Developer] Enhancing QGIS Development and Security Features Proposition

2023-11-03 Thread Régis Haubourg via QGIS-Developer
Hi Rhea, Adding some points to the very good answers above. QGIS is already deployed in very security sensitive organizations and has been assessed against vulnerabilities. I obviously can't list them publicly here. Some are public, like the NSA, that even publishes some plugins, but also funded s

Re: [QGIS-Developer] QGIS Full Stack Web Developer Report

2023-11-03 Thread Lova Andriarimalala via QGIS-Developer
Hello everyone, Please find below the report summarizing the progress on the feed site development for this week. PRs open: * Add web page UI on the root URL PR merged: * Using rich editor for content, check data validity

Re: [QGIS-Developer] Enhancing QGIS Development and Security Features Proposition

2023-11-03 Thread B. De Mezzo via QGIS-Developer
Hi Rhea, same as Johannes "I am in no way able to officially answer but maybe I can give some thoughts and rhetoric questions": * QGIS is not designed to handle such security restrictions, it is not its purpose * the best way, IMHO, is to limit its network accesses by using dedicated secur

Re: [QGIS-Developer] Enhancing QGIS Development and Security Features Proposition

2023-11-03 Thread Even Rouault via QGIS-Developer
Rhea, * - Proposition would be a feature that allows users to limit Python console functionality based on their needs. If you have in mind to limit the set of functionality available in the Python console, that's not technically doable, at least with the CPython interpreter. All you

Re: [QGIS-Developer] Enhancing QGIS Development and Security Features Proposition

2023-11-03 Thread Rhea via QGIS-Developer
Hi Johannes, Thank you a lot for your return, appreciated ! Best, Rhea > On 3 Nov 2023, at 9:35 AM, Johannes Kröger (WhereGroup) via QGIS-Developer > wrote: > > Hi Rhea, > > I am in no way able to officially answer but maybe I can give some thoughts > and rhetoric questions: > > To me tho

Re: [QGIS-Developer] Enhancing QGIS Development and Security Features Proposition

2023-11-03 Thread WhereGroup
Hi Rhea, I am in no way able to officially answer but maybe I can give some thoughts and rhetoric questions: To me those improvements sound like good ideas. I am not sure how far you could lock down Python extensibility considering the existing API. And I am not sure if you are aware of the