Cool :) -Arne
David Winslow wrote: > You're not missing anything, the proxy service I committed yesterday is > a completely open proxy (well, it only allows GET requests to anonymous > users, but that's more or less an accident with the default permissions > on restlet extensions). Alan will be starting work on regex whitelists > for hostname- and mimetype-based filtering later this week. > > -- > David Winslow > OpenGeo - http://opengeo.org/ > > On Wed, 2009-06-17 at 12:17 -0500, Arne Kepp wrote: > >> Hi, >> >> I just skimmed through it, and maybe I am missing something. But it >> sounds and looks like by default it allows anyone to go anywhere? >> >> I realize we will not be shipping this by default, but I don't think >> that's a good idea anyway. We should include a regex filter from the >> start (can be simple, set in an environment variable) and have the >> default configuration deny all requests. Otherwise we will be tempting >> spammers and script kiddies, and if you pay for excessive bandwidth it >> can get ugly quite fast. >> >> -Arne >> >> >> David Winslow wrote: >> >>> Hey all, >>> >>> In order to simplify deployment of OpenLayers applications on top of >>> GeoServer, I would like to create a community module on trunk that >>> mimics the proxy.cgi script that is often used with OpenLayers. >>> Basically, this script accepts a URL as a query parameter and forwards >>> the request to another server, allowing OpenLayers applications to load >>> feature data and other resources from servers other than the one hosting >>> the application. The script would eventually allow for host-based and >>> mimetype-based filtering of proxied requests to help admins prevent >>> abuse. >>> >>> If there are no objections I'd like to get this into SVN later today. >>> >>> -- >>> David Winslow >>> OpenGeo - http://opengeo.org/ >>> >>> >>> ------------------------------------------------------------------------------ >>> Crystal Reports - New Free Runtime and 30 Day Trial >>> Check out the new simplified licensing option that enables unlimited >>> royalty-free distribution of the report engine for externally facing >>> server and web deployment. >>> http://p.sf.net/sfu/businessobjects >>> _______________________________________________ >>> Geoserver-devel mailing list >>> Geoserver-devel@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >>> >>> > > -- Arne Kepp OpenGeo - http://opengeo.org Expert service straight from the developers ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects _______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
