Changes between Initial Version and Version 1 of Ticket #2864


Timestamp: Mar 21, 2023, 5:49:24 AM (14 months ago)
Author: jng

  • Ticket #2864 – Description

    initial v1  
    1 To reduce the attack surface of the MapGuide Web Tier and to prevent unwanted leakage of sensitive connection strings in certain Feature Sources, we should provide the ability for admins to deny the use of resource fetch APIs to anonymous users.
     1To reduce the attack surface of the MapGuide Web Tier and to prevent unwanted leakage of sensitive connection strings in certain Feature Sources, we should provide the ability for admins to deny the use of resource fetch APIs to anonymous users on a certain set of resources
    22
    33This could be defined as a list of resource ids or resource id prefixes in `webconfig.ini` that get checked against any resource id of a GETRESOURCE, GETRESOURCEHEADER, GETRESOURCEDATA operation executed in the context of an Anonymous user.
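
Review bot: line 3 allows "resource ids or resource id prefixes" but does not define how a prefix is compared, so the description should state whether matching is case-sensitive and whether a prefix has to end on a path boundary; without that, an entry meant for one folder would also match any resource whose id merely begins with the same characters. The new line 1 narrows the deny to "a certain set of resources", so it is also worth stating what anonymous users get for resources that are not on the list, and that sentence is missing its closing period.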