Hi Srini, Currently, those rules aren't enforced on the client-side of the tunnel. You should use regular Restlet authorization filters to achieve a similar result and in any case, add complementary checks on the server-side.
Could you enter an issue in the tracker for this? Any help on this front would be also welcome. Best regards, Jerome -- http://www.restlet.org http://twitter.com/#!/jlouvel -----Message d'origine----- De : Srini S [mailto:[email protected]] Envoyé : mardi 22 novembre 2011 05:51 À : [email protected] Objet : SDC and permitted URLs Security After running the Restlet SDC extension, we found that irrespective of the permitted URL's configured in the SDC agent's resource configuration, all URL's within the network where being allowed. The SDC documentation states the following: "SDC helps let you set rules for what resources your users can access using Google Apps. These rules are uploaded to Google Apps and enforced there, so that specified users in your domain can access resources behind the company's firewall". Refer the link here: http://code.google.com/securedataconnector/docs/1.3/security.html Looks like Restlet is not enforcing this and all URLs are being permitted. Is a fix planned for this? Regards Srini ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=28841 91 ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2885141
