Opened 21 months ago
Closed 21 months ago
#2864 closed enhancement (fixed)
Support ability to deny resource fetching calls to certain resources for Anonymous users in the mapagent
Reported by: | jng | Owned by: | jng |
---|---|---|---|
Priority: | low | Milestone: | 4.0 |
Component: | Map Agent | Version: | |
Severity: | trivial | Keywords: | |
Cc: | External ID: |
Description (last modified by )
To reduce the attack surface of the MapGuide Web Tier and to prevent unwanted leakage of sensitive connection strings in certain Feature Sources, we should provide the ability for admins to deny the use of resource fetch APIs to anonymous users on a certain set of resources
This could be defined as a list of resource ids or resource id prefixes in webconfig.ini
that get checked against any resource id of a GETRESOURCE, GETRESOURCEHEADER, GETRESOURCEDATA operation executed in the context of an Anonymous user.
Change History (2)
comment:1 by , 21 months ago
Description: | modified (diff) |
---|
comment:2 by , 21 months ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
In 10036: