[mapguide-internals] Please review RFC 103

Jason Birch jason at jasonbirch.com
Thu Jul 15 00:20:46 EDT 2010


I understand that it's used a lot, and that our system info already
reveals a lot of information, but I don't understand how this is a
justification to reveal more unnecessary information.

We need to do a better job of implementing a lowest-surface-area
approach to our software. System information should only be available
at the level required for the function/role requesting it. For
example, it might be necessary for the anonymous user to know the site
version (so they know what features are supported) but not uptime,
memory use, etc.

System and configuration information may seem innocuous, but can be
used to help probe for vulnerabilities, etc.  I really want to reduce
our information footprint, and am firmly opposed to increasing it.

Jason

On 2010-07-14, Christine Bao <Christine.Bao at autodesk.com> wrote:
> Hi Jason,
>
> 1. Are you sure that SetDocument() requires Administrator privileges?
> If so it's safe to publish it.
>
> 2. I copied from another reply:
>
>      There is one similar operation in Studio named GetSiteProperties().
>
>      It gets information about how long the server has been running, the
> number of connections, the server's version etc. The information is not from
> the repository.
>
>      Similar to GetDocument(), it needs the user information of the current
> connection to open the service:
>
>          // Create ServerAdmin object
>          Ptr<MgServerAdmin> serverAdmin = new MgServerAdmin();
>          serverAdmin->Open(siteInfo->GetTarget(), m_userInfo);
>
>      This call is frequently used in Studio, and I think it works for most
> user accounts. So GetDocument should not be limited to high-privilege user
> accounts either.
>
> Thanks & regards,
> Christine
>
>
> From: Jason Birch <jason at jasonbirch.com>
> Subject: Re: [mapguide-internals] Please review RFC 103
> To: MapGuide Internals Mail List <mapguide-internals at lists.osgeo.org>
> Message-ID: <AANLkTin1ktmcdXUam0x_1yVk6NtyN2J9vewuWsO5PMLy at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> I would suggest that this kind of request should require author access AND
> should not be available through the API at all when authoring is disabled in
> webconfig.ini.  setDocument should require Administrator privileges.
>
> I am not a big fan of allowing public access to configuration documents,
> regardless of the seemingly innocuous nature of the information they
> contain.
>
> I guess the Fusion widget info calls access files outside of the repository.
>  Are there any others?
>
> Jason
>
> On 13 July 2010 16:24, Tom Fukushima wrote:
>
>> Along with SetDocument, what kind of user would be allowed access to this
>> file? For example, since the RFC mentions the Studio user perhaps these
>> operations should only be available to someone with Author (or above) privileges.
>>  Do we need a way to set security on this document so that we can restrict
>> who can access it? I would hope not since that seems like overkill.
>>
>> Are there any other operations in MGOS that are similar to this (i.e.,
>> access documents or information outside of the repository) in behavior?
>>
> _______________________________________________
> mapguide-internals mailing list
> mapguide-internals at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapguide-internals
>
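
The access rules argued for in this thread, sketched as an added example (not MapGuide code and not from any poster): system properties are filtered per role with deny-by-default, and the document operations are gated on role and on the authoring switch. All type, function and property names are hypothetical, and the Administrator tier for uptime, memory use and connection count is an assumption.

```cpp
// Added illustration: all names are hypothetical, not MapGuide API.
#include <iostream>
#include <map>
#include <string>

enum class Role { Anonymous, Author, Administrator };
enum class Operation { GetDocument, SetDocument };
struct SiteConfig { bool authoringEnabled; };  // stand-in for the webconfig.ini switch
using Properties = std::map<std::string, std::string>;

// Minimum role per property. Version for anonymous comes from the thread;
// the Administrator tier for the rest is an assumption. Unlisted properties
// are withheld from everyone, so a newly added field is not exposed by default.
static const std::map<std::string, Role> kMinRole = {
    {"Version", Role::Anonymous},
    {"Uptime", Role::Administrator},
    {"MemoryUse", Role::Administrator},
    {"ConnectionCount", Role::Administrator},
};

// Return only the properties the caller's role is entitled to see.
Properties FilterSiteProperties(const Properties& all, Role caller) {
    Properties visible;
    for (const auto& kv : all) {
        auto rule = kMinRole.find(kv.first);
        if (rule != kMinRole.end() && caller >= rule->second) visible.insert(kv);
    }
    return visible;
}

// Document operations: refused outright when authoring is disabled (assumed to
// cover both calls); otherwise Author or above may read, only Administrator may write.
bool IsAllowed(Operation op, Role caller, const SiteConfig& cfg) {
    if (!cfg.authoringEnabled) return false;
    switch (op) {
        case Operation::GetDocument: return caller >= Role::Author;
        case Operation::SetDocument: return caller == Role::Administrator;
    }
    return false;  // unknown operation: refuse
}

int main() {
    // Constructed sample values; "BuildHost" has no rule and is never returned.
    Properties all = {{"Version", "x.y"}, {"Uptime", "86400"}, {"BuildHost", "host-1"}};
    for (const auto& kv : FilterSiteProperties(all, Role::Anonymous))
        std::cout << kv.first << "=" << kv.second << "\n";
    return 0;
}
```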

