[Geomoose-users] Advice on securing a GeoMoose application

Jeff McKenna jmckenna at gatewaygeomatics.com
Wed Jan 20 06:39:42 PST 2016


A few years ago a security company did a review of MS4W (including 
Apache and PHP) and from that many changes were made to the releases. 
Bob, keep me posted on what you find with Apache, and I'll try to include 
your recommendations.

-jeff



On 2016-01-19 4:13 PM, Bistrais, Bob wrote:
> Hi again folks,
>
> I sent my security report to Dan and it looks like many of the problems are Apache related.  I've made some progress on that front.  A problem I can't seem to resolve now is the issue of Content Security Policy headers.  This is actually a Dojo problem but wondering if anyone's had the same problem and can advise.
> I tried setting a content security policy on the Apache http.conf file as follows:
> Header set Content-Security-Policy: "default-src 'self' http://dojotoolkit.org; script-src 'self' http://dojotoolkit.org"
>
> -But when I try to load the application I get an error with Dojo.  In FireBug this is the error:
>
> Error: call to Function() blocked by CSP
> 	...op=Object.prototype,_97=op.toString,_98=new Function,_99=0,_9a="constructor";fun..
>
> -Any ideas?
>
> Thanks again,
> BB
>
> -----Original Message-----
> From: Dan Little [mailto:theduckylittle at gmail.com]
> Sent: Wednesday, January 13, 2016 1:18 PM
> To: Bistrais, Bob
> Cc: geomoose-users at lists.osgeo.org
> Subject: Re: [Geomoose-users] Advice on securing a GeoMoose application
>
> Hey Bob,
>
> Not sure any of these are directly GeoMOOSE.
>
> A lot of those are generic errors that can be addressed but we (I) would need a lot more information about what their scanner found.
>
> On Tue, Jan 12, 2016 at 10:52 AM, Bistrais, Bob <Bob.Bistrais at maine.gov> wrote:
>> Hi all,
>>
>> I’m working through a Deployment Certification on one of my GeoMoose
>> applications.  Our web security folks sent me back a report of the
>> security scan.  Issues include cross-site scripting, directory
>> listings, link injection, phishing through frames, and others.
>>
>> Within the context of the GeoMoose architecture, can anyone provide
>> advice, or direct me to a good resource, on how to address those kinds of issues?
>>
>> Thanks,
>>
>> Bob
>>
-- 
Jeff McKenna
MapServer Consulting and Training Services
http://www.gatewaygeomatics.com/
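As an added example, not part of this thread and not GeoMoose or Dojo code: a small checker for the CSP question Bob raises. It parses a Content-Security-Policy value, resolves the effective script-src list (falling back to default-src as the spec does), and reports whether eval-style calls such as the `new Function` in Dojo's loader are permitted, which CSP only allows when script-src carries 'unsafe-eval'. The function names and the loosened policy string are my own.

```javascript
// Added example: evaluate whether a CSP header value permits eval-style
// calls (new Function, eval). Not code from the thread, GeoMoose or Dojo.

function parseCsp(header) {
  // "name value value; name value" -> { name: [values] }
  // CSP keeps the first occurrence of a repeated directive and ignores later ones.
  const policy = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!(name in policy)) policy[name] = tokens.slice(1);
  }
  return policy;
}

function effectiveSources(policy, directive) {
  // Fetch directives such as script-src fall back to default-src when absent.
  if (directive in policy) return policy[directive];
  if ('default-src' in policy) return policy['default-src'];
  return null; // neither present: no restriction from this policy
}

function allowsEval(header) {
  const sources = effectiveSources(parseCsp(header), 'script-src');
  if (sources === null) return true;
  // An empty list means 'none'; only an explicit 'unsafe-eval' re-enables eval.
  return sources.some((s) => s.toLowerCase() === "'unsafe-eval'");
}

// Bob's policy from the thread: blocks Dojo's `new Function`.
const bobsPolicy =
  "default-src 'self' http://dojotoolkit.org; script-src 'self' http://dojotoolkit.org";
// Constructed loosened policy: lets the Dojo loader run, at the cost of
// allowing eval() for every script the page loads.
const loosenedPolicy =
  "default-src 'self'; script-src 'self' http://dojotoolkit.org 'unsafe-eval'";

console.log(allowsEval(bobsPolicy));     // false
console.log(allowsEval(loosenedPolicy)); // true
```

Adding 'unsafe-eval' is the quick fix, but it removes the protection against eval-based injection for every script on the page, so it is worth treating as a trade-off to record in the security report rather than a closed finding.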