On Tue, Aug 7, 2012 at 9:03 PM, <geoserver-devel-request@lists.sourceforge.net> wrote:
Today’s Topics:
- Re: Security considerations for 2.2.x series (Christian Mueller)
- WFS 1.1 xlink cite tests (Jesse Eichar)
- Re: Security considerations for 2.2.x series (Andrea Aime)
- Re: Security considerations for 2.2.x series (Justin Deoliveira)
- Re: WFS 1.1 xlink cite tests (Justin Deoliveira)
Message: 1
Date: Tue, 7 Aug 2012 15:36:59 +0200
From: Christian Mueller <mcrmcr21@…403…>
Subject: Re: [Geoserver-devel] Security considerations for 2.2.x
series
To: geoserver-devel <geoserver-devel@lists.sourceforge.net>
Message-ID:
<CAFLCvWQhP1N+Bt5d-+836ZKGJVyX0e22npQ4vTyA+Y+j_hizsA@anonymised.com>
Content-Type: text/plain; charset=“iso-8859-1”

Now I am unsure, should I prepare a migrated security directory for 2.2.x
and 2.3.x or not ???

2012/8/7 Ben Caradoc-Davies Ben.Caradoc-Davies@anonymised.com
This should be a last resort as it would effectively lock the account for
those deploying GeoServer in a managed environment in which they do not
have root access. I still think it is better than a default password, so
perhaps this should be done if there was no admin account before the
upgrade?

On 07/08/12 01:14, Justin Deoliveira wrote:
What if on migration we generated a random password for the root account.
–
Ben Caradoc-Davies Ben.Caradoc-Davies@anonymised.com
Software Engineer
CSIRO Earth Science and Resource Engineering
Australian Resources Research Centre
Message: 2
Date: Tue, 7 Aug 2012 15:42:37 +0200
From: Jesse Eichar <jesse.eichar@anonymised.com>
Subject: [Geoserver-devel] WFS 1.1 xlink cite tests
To: Geoserver-devel <geoserver-devel@lists.sourceforge.net>
Message-ID:
<CACOi6TAad8vqzxDm=iMBBRevTOavpaDJkEa7MU7Dew3hGw8e4w@anonymised.com>
Content-Type: text/plain; charset=“utf-8”

Hi,
Just curious if the xlink cite tests are supposed to work. They are
failing for me.

Jesse
Message: 3
Date: Tue, 7 Aug 2012 15:49:37 +0200
From: Andrea Aime <andrea.aime@anonymised.com>
Subject: Re: [Geoserver-devel] Security considerations for 2.2.x
series
To: Christian Mueller <mcrmcr21@anonymised.com.403…>
Cc: geoserver-devel <geoserver-devel@lists.sourceforge.net>
Message-ID:
<CA+nxMTtzn0j2bwQ9RHFtKONEAoQRVX6ZbAaDAFsFZq_o0hEKew@anonymised.com>
Content-Type: text/plain; charset=“iso-8859-1”

On Tue, Aug 7, 2012 at 3:36 PM, Christian Mueller <mcrmcr21@anonymised.com> wrote:

Now I am unsure, should I prepare a migrated security directory for 2.2.x
and 2.3.x or not ???

I would put it on 2.3.x, and backport once we are satisfied the automatic
upgrade is doing the right thing

Cheers
Andrea

–
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more
information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 962313
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it
Message: 4
Date: Tue, 7 Aug 2012 08:02:24 -0600
From: Justin Deoliveira <jdeolive@anonymised.com>
Subject: Re: [Geoserver-devel] Security considerations for 2.2.x
series
To: Andrea Aime <andrea.aime@anonymised.com…1268…>
Cc: geoserver-devel <geoserver-devel@lists.sourceforge.net>
Message-ID:
<CAEwWEk3674H1-7hTZxGSBoUJEkE+xb=ndiViUQ1o2VQmzBqzZw@anonymised.com>
Content-Type: text/plain; charset=“iso-8859-1”

On Tue, Aug 7, 2012 at 7:49 AM, Andrea Aime <andrea.aime@anonymised.com> wrote:

On Tue, Aug 7, 2012 at 3:36 PM, Christian Mueller <mcrmcr21@anonymised.com> wrote:

Now I am unsure, should I prepare a migrated security directory for 2.2.x
and 2.3.x or not ???

I would put it on 2.3.x, and backport once we are satisfied the automatic
upgrade is doing the right thing

Christian. To clarify we are not changing this to mitigate the root account
security hole, the plan is to make the root account password the same as
the admin account password. Falling back on a random password (saved out in
plain text) if the admin account does not exist.

I wanted to hear from you on your thoughts about this?
As for the data directory change I would actually just leave it as is for
now. But no strong objection to changing it on master.

Cheers
Andrea
–
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.
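
The migration rule discussed in the thread above (root takes the admin account's password; if there is no admin account, a random password is generated and saved out in plain text), sketched as an added example that is not GeoServer code and not part of any message in this digest. The class, method and file names are hypothetical, as is the assumption that the admin password is available in clear text at migration time; the owner-only file mode assumes a POSIX file system.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.SecureRandom;
import java.util.Optional;
import java.util.Set;

// Hypothetical migration helper, not GeoServer's own class.
class RootPasswordMigration {
    // Constructed alphabet without look-alike characters (0/O, 1/l/I).
    private static final String ALPHABET =
            "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789";
    private static final SecureRandom RNG = new SecureRandom();

    static char[] randomPassword(int length) {
        char[] out = new char[length];
        for (int i = 0; i < length; i++) {
            out[i] = ALPHABET.charAt(RNG.nextInt(ALPHABET.length()));
        }
        return out;
    }

    /** Returns the password to set for root; writes a file only in the fallback case. */
    static char[] chooseRootPassword(Optional<char[]> adminPassword, Path noticeFile)
            throws IOException {
        if (adminPassword.isPresent()) {
            return adminPassword.get().clone();   // admin exists: reuse, nothing on disk
        }
        char[] generated = randomPassword(20);    // no admin account: random fallback
        Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString("rw-------");
        // Create the file with mode 0600 from the start, so the plain-text password is
        // never readable by other local users; fails if the file already exists.
        Files.createFile(noticeFile, PosixFilePermissions.asFileAttribute(ownerOnly));
        Files.write(noticeFile, new String(generated).getBytes(StandardCharsets.UTF_8));
        return generated;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("security-migration"); // constructed sample dir
        Path unused = dir.resolve("unused.txt");
        Path notice = dir.resolve("rootpw.txt");
        chooseRootPassword(Optional.of("sample-admin-pw".toCharArray()), unused);
        char[] fallback = chooseRootPassword(Optional.empty(), notice);
        System.out.println("admin present, file written: " + Files.exists(unused));
        System.out.println("admin missing, generated " + fallback.length
                + " chars, mode " + PosixFilePermissions.toString(Files.getPosixFilePermissions(notice)));
    }
}
```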
Message: 5
Date: Tue, 7 Aug 2012 08:03:17 -0600
From: Justin Deoliveira <jdeolive@anonymised.com>
Subject: Re: [Geoserver-devel] WFS 1.1 xlink cite tests
To: Jesse Eichar <jesse.eichar@anonymised.com>
Cc: Geoserver-devel <geoserver-devel@lists.sourceforge.net>
Message-ID:
<CAEwWEk1ncJeyBemXv+hfeNn5TKW4O9e0o0kupd7sGH+t7Y220w@anonymised.com>
Content-Type: text/plain; charset=“iso-8859-1”

Nope. At one point they did but required some serious hacks to pass them.
We decided not to maintain that going forward and eventually create a
version of the cite tests suite that used app-schema to properly support
xlink. That has yet to happen though.

On Tue, Aug 7, 2012 at 7:42 AM, Jesse Eichar <jesse.eichar@anonymised.com> wrote:

Hi,
Just curious if the xlink cite tests are supposed to work. They are
failing for me.

Jesse
–
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.
End of Geoserver-devel Digest, Vol 75, Issue 24