Rob Atkinson ha scritto: > Have to be pretty careful rest config doesnt open SQL injection attack > paths of course :-)
Well, RESTConfig can do worse, the datastore config contain all you need to access a database. That's why we request the user to be an admin, but out of the box is not enough, it should also be protected by HTTPS (afaik now that has to be done through a proxy). Cheers Andrea -- Andrea Aime OpenGeo - http://opengeo.org Expert service straight from the developers. ------------------------------------------------------------------------------ _______________________________________________ Geoserver-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-devel
