Karl created an issue

Geowebcache does not check security data rules on WMTS requests

| Issue Type: | Bug |
|---|---|
| Affects Versions: | 2.18.0 |
| Assignee: | Unassigned |
| Created: | 18/Nov/20 3:09 AM |
| Environment: | Ubuntu 20.04.1 LTS |
| Priority: | Medium |
| Reporter: | |

I have defined this data security config, so all access in READ to anything must be authenticated:

But it seems that if a client requests WMTS tiles without authentication, and that they are cached by GWC, they are returned to the client instead of returning a 401 error, which is a big security hole…

I came across this conversation of 2013 which summarizes my problem: http://osgeo-org.1560.x6.nabble.com/Unable-to-get-GeoServer-GWC-to-apply-authentication-to-my-WMTS-tile-requests-td5085389.html It looked like a patch was merged in the past, but today I encounter the exact same problem…