[Geoserver-devel] GeoTools / GeoServer Meeting 2015-07-07

GeoServer GeoServer Developer
1

GeoTools / GeoServer Meeting 2015-07-07

Attending
---------

Ben Caradoc-Davies
Jukka Rahkonen
Kevin Smith
Torben Barsballe

Agenda
------

- Security
- Pull requests
- ESRI WMS cascading problem

Actions
-------

AA: Create Jira components Security (Authentication) and Security (Authorization) to replace Security

Actions from last meeting
-------------------------

AA: Create Security (Authentication) and Security (Authorization) to
replace Security [NOT DONE]
BCD: email user list: "SECURITY: Remote file disclosure vulnerability
[GEOS-7032]" [DONE]
BCD: add Vulnerability component to GeoServer Jira [DONE]

Security
--------

- Discussion about our improved response to vulnerability reports
- Thanks to Torben for the fix for GEOS-7095!

Pull requests
-------------

Reviewed and merged:

refresh psc list (GSIP 129)
https://github.com/geoserver/geoserver/pull/1133

responsible disclosure (GSIP-129)
https://github.com/geoserver/geoserver/pull/1134

Clarification on our expectations for submitting fixes (GSIP 129)
https://github.com/geoserver/geoserver/pull/1135

Moved WCS 1.1 schema to GeoTools
https://github.com/geoserver/geoserver/pull/1129

[GEOS-7095] Fix for exploitable bypass for XXE fix
https://github.com/geoserver/geoserver/pull/1130

[GEOS-7102] Importer support for non-JDBC databases
https://github.com/geoserver/geoserver/pull/1136

developers guide tutorial review and cleanup (GSIP-129)
https://github.com/geoserver/geoserver/pull/1131

ESRI WMS cascading problem
--------------------------

- Jukka, from the mapserver users list:

ESRI has decided not to follow the standard and has closed the bug, NIM104744, we submitted about not decoding a plus symbol ‘+’ to a space. Their solution is for everyone else to encode all spaces as %20 and to ignore http://tools.ietf.org/html/rfc3986. They have closed the bug and listed it as a known limit.

http://support.esri.com/en/bugs/nimbus/TklNMTA0NzQ0

So, in order for Mapserver to consume ESRI WMS services, with spaces in the name, the spaces have to be encoded as %20.

- Jukka noted that this can cause problems with cascading WMS
- Ben suggested adding a note to the user guide

--
Ben Caradoc-Davies <ben@anonymised.com>
Director
Transient Software Limited <http://transient.nz/&gt;
New Zealand

2

- Jukka noted that this can cause problems with cascading WMS - Ben suggested adding a note to the user guide

I've had numerous hassles with ESRI WMS services and in the end, I have written extensions to OL to consume the REST service instead. This is both faster and actually works over the 180 line (unlike the WMS service to my surprize). It also allows me access to services which are REST only and not supporting WMS/WFS. I actually like the ESRI query service - OGC could learn a thing or too (or geoserver could add vendor extensions for things like returnGeometry true/false)

One option for cascading WMS with ESRI would be to grab the ESRI tiles from REST export service and then serve as if WMS. You could add this to the endless developer to-do list. :slight_smile:

--
Phil Scadden, Senior Scientist GNS Science Ltd 764 Cumberland St, Private Bag 1930, Dunedin, New Zealand Ph +64 3 4799663, fax +64 3 477 5232

Notice: This email and any attachments are confidential.
If received in error please destroy and immediately notify us.
Do not copy or disclose the contents.

3

On Tue, Jul 7, 2015 at 11:30 PM, Phil Scadden <p.scadden@anonymised.com> wrote:

- OGC could learn a thing or too (or geoserver could add vendor
extensions for things like returnGeometry true/false)
One option for cascading WMS with ESRI would be to grab the ESRI tiles
from REST export service and then serve as if WMS. You could add this to
the endless developer to-do list. :slight_smile:

Both good ideas to be thrown in the "to be funded" bucket :-p

Cheers
Andrea

--

GeoServer Professional Services from the experts! Visit
http://goo.gl/it488V for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

*AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*

Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo
messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del messaggio
stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
utilizzarlo per finalità diverse, costituisce comportamento contrario ai
principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for
the attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act
(Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
Code).Any use not in accord with its purpose, any disclosure, reproduction,
copying, distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please contact
immediately the sender by telephone, fax or e-mail and delete the
information in this message that has been received in error. The sender
does not give any warranty or accept liability as the content, accuracy or
completeness of sent messages and accepts no responsibility for changes
made after they were sent or for other risks which arise as a result of
e-mail transmission, viruses, etc.

-------------------------------------------------------