On Mon, Apr 16, 2012 at 6:27 PM, Jay L. <[email protected]> wrote:
> List,
>
> I am using the rest api and reflect to generate a layer picker
> programmatically.
>
> In my javascript file I access geoserver via:
>
> '/geoserver/rest/workspaces/lunar/datastores/Non-Edittable_WMS/featuretypes.json'
> using jquery.getJSON().
>
> This is requiring that I log in to geoserver. I believe that I am using a
> GET request, and I believe that this should not require authentication as
> per the documentation. What am I missing about authentication or this REST
> request?
>
>
That by GET-ing information you may get to know ways to attack the server,
for example the full set of parameters to connect to databases, including
username and password in plain text, and the like
Cheers
Andrea
--
-------------------------------------------------------
Ing. Andrea Aime
GeoSolutions S.A.S.
Tech lead
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 962313
mob: +39 339 8844549
http://www.geo-solutions.it
http://geo-solutions.blogspot.com/
http://www.youtube.com/user/GeoSolutionsIT
http://www.linkedin.com/in/andreaaime
http://twitter.com/geowolf
-------------------------------------------------------
------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
