[QGIS-Developer] Potential vulnerabilities

Jonathan Moules jonathan-lists at lightpear.com
Sun Feb 2 12:17:19 PST 2020


Hi Nadia,
Just a random thought here, but I wonder if doing this exercise against 
QGIS Desktop would be more worthwhile from a security perspective? There 
are very few deployments of QGIS-Server but many many deployments of 
Desktop.

For example, is it possible to compromise QGIS Desktop via 
opening/connecting to a compromised shapefile/Geopackage/web-service/CSV 
etc etc? I have no idea, but it'd definitely be a useful thing to 
investigate.
Cheers,
Jonathan

On 2020-02-02 17:36, nadiaspit wrote:
> Hi Even,
>
> thank you so much for answering my questions.
>
> Of course my assessment is far beyond automating scanning for vulnerability.
> I just wrote about 1 potential issue. As I said at the beginning, this is
> about my Project Work as a student of the Master of Cybersecurity in Pisa, Italy.
> I really appreciate your work and I think QGIS Server is well designed and
> can be successfully used to create a robust architecture from a
> cybersecurity perspective.
>
> Before writing to qgis-developer I first submitted the issue to the Lizmap
> GitHub group; they suggested writing here, as they think it would be a QGIS
> issue.
> Also, for me the issue is likely to be Lizmap-specific rather than
> QGIS Server.
> I'll make another attempt with the Lizmap community.
>
> Thank you for your time.
> Kind Regards,
> Nadia