[GeoNode-users] Unexpected Login / User rights behaviour

EFTAS Oliver Buck oliver.buck at eftas.com
Mon Sep 23 03:49:50 PDT 2019


Dear all,

I have noticed a strange behaviour in Geonode 2.10 and was wondering if anyone had the same, for it seems to me potentially a security issue.

We have a test system setup including a data layer and two users:

Data layer: Vector data imported via Geonode GUI (drag&drop)
Admin user: uploaded the data and owns it
User1: has the right to see and download the data layer

Now the following behaviour can be noticed (tested in Chrome and Firefox):

1. If I open my start page and log in as "user1", I see the data layer thumbnail (vector overlay and map background). If I select the layer for detailed viewing, only the map background is displayed, but not the vector layer.
2. Now I log the "user1" out.
3. I immediately log in as "admin".
4. If I view the data layer as "admin", I have the same behaviour as above: map background, but no vector overlay.
5. If I open the Geoserver GUI via the Geonode Admin in a new browser tab, I see the Geoserver Admin GUI but strangely logged in as "user1"!!!!
6. If I log out and log in again in the Geoserver GUI as admin, the data layer is then displayed in Geonode, after a reload of the page.

This seems very odd. Anything related to cookies?

Any help appreciated to make sure this is no security issue

Thanks
Oliver




--
Intergeo (https://www.intergeo.de/intergeo-en/index.php) 2019: 17th - 19th September 2019, Stuttgart, Germany.
Meet us at booth F1.050 in hall 1!


Oliver Buck
MSc Environmental Science

E F T A S    Fernerkundung
Technologietransfer GmbH
Oststraße 2-18
48145 Münster
Fon: +49 251 13307-57     E-Mail: oliver.buck at eftas.com
Fax: +49 251 13307-33     Web: http://www.eftas.com
Geschäftsführer:
Dipl.-Ing. Georg Altrogge

Sitz der Gesellschaft: Münster
Amtsgericht Münster, HRB 2999
USt.-IdNr. DE 126038986