Hi everyone,
I would like to know if the problem of GWC security have been fixed ?
Or do you have a solution to fix it ? What should I do ?
The problem that I discovered is also reported here :
http://osgeo-org.1803224.n2.nabble.com/GeoWebCache-integration-in-geoserver-and-security-td6124001.html
In fact, when the request is not cached, GWC connect with geoserver and
the layer is displayed only if the user give the correct credentials
(geoserver is working as expected, serving only layers authorized for
the current user).
But if the request is already cached, GWC will not contact Geoserver and
it will replies to the client with the layer in cache even if the user
doesn't give the credentials. So even a client without the credentials
will have access to the layers cached in GWC, and bypass any security
measure.
Thanks,
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2dcopy2
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
