Hey,
I just noticed I committed by accident a new component
I'm working on in web-core, in package
org.geoserver.web.wicket.browser
I wanted to talk about it later, but since it already
escaped my local fs, whatever, let's do it now.
The thing it's not complete, for the moment I have two
component:
- a table based listing of the files in a
directory, directly inpired by the Apache file listing,
- a breadcrumb component that shows the relative path
between a root path and a current path as a set of
clickable links.
The first is heavily inspired by the Apache standard
file listing:
http://presentations.opengeo.org/2008_FOSS4G/
http://presentations.opengeo.org/
The second by the usual site breadcrumbs.
Put them together, wire the events, add a selector
of base paths that one can look into (a simple
dropdown would do), add file filtering,
and you get a reasonably nice server side file
browser that can be used to go and choose files
on the server: useful to select shapefiles,
directories and all coverage types, especially
if GeoServer is sitting in a remote host
where one has only ssh access.
One thing I'm concerned about, is how much
of the file system do we allow the admin
to browse? Only the data dir contents is
somewhat safe, but limited. All the file
system seems to be risky, even if the component
itself does not allow one to download files,
it would allow anyone breaking into the
admin auth to see the whole filesystem layout.
Maybe allow configuration of the browsable paths?
Yet that would be something that is configured
in some way that cannot be overriden by the web
UI.
Am I thinking too much? Maybe just adding HTTPS
on the web admin console (something much overdue)
would relax the above worries?
Opinions welcomed.
Cheers
Andrea
--
Andrea Aime
OpenGeo - http://opengeo.org
Expert service straight from the developers.
