Hi Nadia,
Just a random thought here, but I wonder if doing this exercise against
QGIS Desktop would be more worthwhile from a security perspective? There
are very few deployments of QGIS-Server but many many deployments of
Desktop.
For example, is it possible to compromise QGIS Desktop via a
opening/connecting to a compromised shapefile/Geopackage/web-service/CSV
etc etc? I have no idea, but it'd definitely be a useful thing to
investigate.
Cheers,
Jonathan
On 2020-02-02 17:36, nadiaspit wrote:
Hi Even,
thank you so much for answering my questions.
Of course my assessment is far beyond automating scanning for vulnerability.
I just wrote about 1 potential issue. As I said at the beginning, this is
about my Project Work as student of Master of Cybersecurity in Pisa, Italy.
I really appreciate your work and I think qgis server is well designed and
can be successfully used to create a robust architecture from a
cybersecurity perspective.
Before writing to qgis-developer I first submitted the issue to Lizmap
Github group, they suggested to write here, as they think it would be a qgis
issue.
Also for me the issue is likely to be LizMap specific rather than
QGIS-server.
I'll make another attempt with the Lizmap community.
Thank you for your time.
Kind Regards,
Nadia
--
Sent from: http://osgeo-org.1560.x6.nabble.com/QGIS-Developer-f4099106.html
_______________________________________________
QGIS-Developer mailing list
[email protected]
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
_______________________________________________
QGIS-Developer mailing list
[email protected]
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
