[SAC] Re: [OSGeo] #79: possible SVN corruption in MapGuide vault?

OSGeo trac_osgeo at osgeo.org
Mon Mar 19 21:49:48 EDT 2007

#79: possible SVN corruption in MapGuide vault?
  Reporter:  waltweltonlair  |       Owner:  sac at lists.osgeo.org
      Type:  task            |      Status:  closed             
  Priority:  major           |   Component:  SAC                
Resolution:  invalid         |    Keywords:                     
Changes (by jbirch):

  * status:  reopened => closed
  * resolution:  => invalid



 The problem is that your security system is getting tripped because the
 SVN commit signature looks the same as the security issue that is
 indicated in that alert.

 There's nothing that can be done on the OSGeo server to prevent your IPS
 from seeing an SVN commit of a JSP file followed by N bytes as this

 At this point I think your options are to get your IT department to drop
 the rule, to create a special policy just for your workstation (if this is
 possible with your software), or to continue using Linux to commit JSP

 I had the same thing happen to me with our CheckPoint SPI firewall last
 year.  It wouldn't allow me to view MapBender maps because they contained
 too many characters in an image tag (the WMS string).  Eventually, my tech
 support guys made a special rule for me, and then once they were happy
 that all of the workstations had been patched against that particular
 vulnerability they turned it off altogether.

Ticket URL: <http://trac.osgeo.org/osgeo/ticket/79#comment:4>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.

More information about the Sac mailing list