<div dir="ltr">Hi Stefan,<br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Mar 10, 2014 at 7:00 AM, epi <span dir="ltr"><<a href="mailto:massimodisasha@gmail.com" target="_blank">massimodisasha@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Hi Stefan,<div><br></div><div>about anonymous access, the app can use a demo location that is generated on the fly using cloning a "template location".</div>
<div><div>If i well remember, PyWPS does something like that.</div></div><div><br></div><div>But you need to be limit the number of available instance running … (has to be a configurable option), to avoid a server overload.</div>
<div>how may anonymous users can test the app at the same time is up to the capabilities of your server.</div><div><br></div></div></blockquote><div><br></div><div>This is more of a customization of webGRASS. WebGRASS UI is the web extestion to run grass modules. If you want to allow anonymous users or trusted users is a question of deployment. Some webmapping framework allows a demo users and the person who installs webgrass on their server be it on internet or else, he must know his users as any other typical web application. For example you can deploy your data on internet using web services and map viewer client like OpenLayers and allow anonymous users or setup a login and allow only verified users. Again the the login could use (OAuth, simple db login, manual verification, auto email verification etc.). This shouldn't be a part of web framework in my opinon. Rather web application allows such provision in a non coupled way.</div>
<div><br></div><div>In case of webgrass we decide to have trusted login by default. </div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word"><div></div><div>Cheers,</div><div>Massimo.</div><div><div class="h5"><div><br><div><div>On Mar 9, 2014, at 4:37 PM, Blumentrath, Stefan <<a href="mailto:Stefan.Blumentrath@nina.no" target="_blank">Stefan.Blumentrath@nina.no</a>> wrote:</div>
<br><blockquote type="cite"><div lang="NO-BOK" link="blue" vlink="purple" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">
<div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Hi,<u></u><u></u></span></div>
<div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span></div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Some more user comments: When we installed RStudio server in our company, our network administrator actually only agreed, because we could limit the listening-addresses / the server was not available from the internet and only accessible within the trusted company network. The same would likely be true for a GRASS web-interface too. So like Massimo, I would guess that the “trused-user” approach would be the most popular…<u></u><u></u></span></div>
<div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span></div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">In fact, the only use-case I can imagine for an anonymous web access to a GRASS installation would be demonstration / marketing, that people can have a closer look without installing. But that would require, that the web UI is comparable to the desktop solution to give a comparable impression… Would be anonymous www-access be possible at all? I mean, how would one exclude concurrent use of a mapset, i.e. two anonymous users accessing the same mapset at the same time?<u></u><u></u></span></div>
<div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span></div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Cheers<u></u><u></u></span></div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Stefan <u></u><u></u></span></div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<span lang="EN-US"> </span></div><div><div style="border-style:solid none none;border-top-color:rgb(181,196,223);border-top-width:1pt;padding:3pt 0cm 0cm"><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<b><span lang="EN-US" style="font-size:10pt;font-family:Tahoma,sans-serif">From:</span></b><span lang="EN-US" style="font-size:10pt;font-family:Tahoma,sans-serif"><span> </span><a href="mailto:grass-dev-bounces@lists.osgeo.org" target="_blank">grass-dev-bounces@lists.osgeo.org</a> [<a href="mailto:grass-dev-bounces@lists.osgeo.org" target="_blank">mailto:grass-dev-bounces@lists.osgeo.org</a>]<span> </span><b>On Behalf Of<span> </span></b>epi<br>
<b>Sent:</b><span> </span>9. mars 2014 15:28<br><b>To:</b><span> </span>Glynn Clements<br><b>Cc:</b><span> </span><a href="mailto:grass-dev@lists.osgeo.org" target="_blank">grass-dev@lists.osgeo.org</a><br><b>Subject:</b><span> </span>Re: [GRASS-dev] GSoC 2014: GRAS GIS Web UI<u></u><u></u></span></div>
</div></div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><u></u> <u></u></div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
Glynn,<u></u><u></u></div></div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><u></u> <u></u></div></div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
I’aware that the "security risk handling" in a web app is a hard and hot topic, hopefully a lot of project are working on this direction <u></u><u></u></div></div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
Of course a web-ui for grass will be designed for registered users and not for the anonymous www (password, registration and https can be implemented) <u></u><u></u></div></div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<u></u> <u></u></div></div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">The “web-shell” feature is obviously reserved to only “trusted users”.<u></u><u></u></div>
</div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">without this assumption application like Rstudio or IPython notebook should not exist.<u></u><u></u></div></div><div>
<div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><u></u> <u></u></div></div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
A multi user approach needs to be based IMHO on unix each user has to have its own home and access to filesystem. If this is not enough the application can be restricted to a chroot jail but this is not part of the UI development (is more a sys admin choice)<u></u><u></u></div>
</div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><u></u> <u></u></div></div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
For the authorization protocol it can be implemented using PAM. (i guess is what Rstudio is using)<u></u><u></u></div></div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
WT has a mature authentication module <u></u><u></u></div></div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><u></u> <u></u></div></div><div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<a href="http://www.webtoolkit.eu/wt/blog/2011/11/29/wt___jwt_3_2_0" style="color:purple;text-decoration:underline" target="_blank">http://www.webtoolkit.eu/wt/blog/2011/11/29/wt___jwt_3_2_0</a><u></u><u></u></div></div>
<div>
<div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><a href="http://www.webtoolkit.eu/wt/blog/2013/08/07/security__wt_and_the_new_breach_vulnerability/" style="color:purple;text-decoration:underline" target="_blank">http://www.webtoolkit.eu/wt/blog/2013/08/07/security__wt_and_the_new_breach_vulnerability/</a><u></u><u></u></div>
</div></div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><u></u> <u></u></div></div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
The potential user of a web ui for grass, need to be a trusted user in any case and need to go trough a registration process where an admin as to approve it. not anonymous users allowed.<u></u><u></u></div></div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<u></u> <u></u></div></div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">I guess the code behind the web-ui has to sanitize each text entry, will be this enough ?<u></u><u></u></div>
</div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">A "sanitize inspection" on all the “input” coming from the web-ui can be performed and this will be part of the UI itself, not of the grass modules. with the aim to avoid people doing something like .. <a href="http://xkcd.com/327/" style="color:purple;text-decoration:underline" target="_blank">http://xkcd.com/327/</a><span> </span> ;)<u></u><u></u></div>
</div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><u></u> <u></u></div></div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<u></u> <u></u></div></div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">Massimo.<u></u><u></u></div></div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<u></u> <u></u></div></div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><u></u> <u></u></div></div><div><div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
On Mar 8, 2014, at 11:42 AM, Glynn Clements <<a href="mailto:glynn@gclements.plus.com" style="color:purple;text-decoration:underline" target="_blank">glynn@gclements.plus.com</a>> wrote:<u></u><u></u></div></div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<br><br><u></u><u></u></div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><br>Rashad M wrote:<br><br><br><u></u><u></u></div><blockquote style="margin-top:5pt;margin-bottom:5pt">
<div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">My main concern would be security.<br><br>You will need to thoroughly sanitise all inputs. You cannot rely upon<br>GRASS modules to do this, as e.g. most string handling uses fixed-size<br>
buffers, so you need to explicitly limit the length of any arguments<br>to avoid the possibility of buffer overruns.<u></u><u></u></div></blockquote><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">
<br>I am not clear with this. maybe security and web apps are creating me a<br>confusion.<u></u><u></u></div><div style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><br>If you do not understand the principles of secure programming, you<br>
shouldn't attempt to write a web interface to GRASS.<br><br>GRASS modules typically do not attempt to be secure against invalid<br>input. If you're providing access to "untrusted" users (users who<br>aren't supposed to have the full privileges of the account under which<br>
the modules are executed), you will need to prevent invalid input from<br>reaching the modules.<br><br><span lang="EN-US">--<span> </span><br>Glynn Clements <</span><a href="mailto:glynn@gclements.plus.com" style="color:purple;text-decoration:underline" target="_blank"><span lang="EN-US">glynn@gclements.plus.com</span></a><span lang="EN-US">><br>
_______________________________________________<br>grass-dev mailing list<br></span><a href="mailto:grass-dev@lists.osgeo.org" style="color:purple;text-decoration:underline" target="_blank"><span lang="EN-US">grass-dev@lists.osgeo.org</span></a><span lang="EN-US"><br>
</span><a href="http://lists.osgeo.org/mailman/listinfo/grass-dev" style="color:purple;text-decoration:underline" target="_blank"><span lang="EN-US">http://lists.osgeo.org/mailman/listinfo/grass-dev</span></a></div></div>
</div></div></blockquote></div><br></div></div></div></div><br>_______________________________________________<br>
grass-dev mailing list<br>
<a href="mailto:grass-dev@lists.osgeo.org">grass-dev@lists.osgeo.org</a><br>
<a href="http://lists.osgeo.org/mailman/listinfo/grass-dev" target="_blank">http://lists.osgeo.org/mailman/listinfo/grass-dev</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div><font face="arial, helvetica, sans-serif">Regards,<br>
Rashad</font></div>
</div></div>