[Geoserver-devel] Who changed my data or is it sane to have WFS-T open to all by default?

2016-09-16 Thread Simone Giannecchini
Dear All, this JIRA has caught my eye https://osgeo-org.atlassian.net/browse/GEOS-7744 since I found that many people are not aware of the fact that we have, on our default config, WFS-T enable for everyone on alla layers. Let's be honest, we need to change this regardless of the reason why things

Re: [Geoserver-devel] Who changed my data or is it sane to have WFS-T open to all by default?

2016-09-16 Thread Andrea Aime
Hi Simone, yep, I like this approach a lot better than shutting down WFS-T altoghether. We should check, hopefully the desktop clients will just pop up a auth dialog when transaction is refused (would be best to check). Cheers Andrea On Fri, Sep 16, 2016 at 11:21 AM, Simone Giannecchini < simone

[Geoserver-devel] Build failed in Jenkins: GeoServer-2.9.x-OpenJDK8 #134

2016-09-16 Thread jenkins
See Changes: [Daniele Romagnoli] [GEOS-7718]: Netcdf: support ncml file extension (#1798) -- [...truncated 352 lines...] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Tim

[Geoserver-devel] [JIRA] (GEOS-7745) CSW based on internal layers ignores security restrictions

2016-09-16 Thread Andrea Aime [Administrator] (JIRA)
Title: Message Title Andrea Aime [Administ

Re: [Geoserver-devel] Security issue in CSW, security filters are being ignored

2016-09-16 Thread Andrea Aime
Ok, took a stab at it, pull request is here: https://github.com/geoserver/geoserver/pull/1822 Most of the options to alter the I've explored have some issues (including the chosen one): 1. Just adding the extra method with SortBy... breaks clients passing null as the sortyby, because the co

Re: [Geoserver-devel] Who changed my data or is it sane to have WFS-T open to all by default?

2016-09-16 Thread Jody Garnett
+1 On Fri, Sep 16, 2016 at 7:28 PM Andrea Aime wrote: > Hi Simone, > yep, I like this approach a lot better than shutting down WFS-T > altoghether. > We should check, hopefully the desktop clients will just pop up a > auth dialog when transaction is refused (would be best to check). > > Cheers >

[Geoserver-devel] Build failed in Jenkins: geoserver-master #3393

2016-09-16 Thread monitor
See Changes: [daniele.romagnoli] Netcdf: support ncml file extension (#1798) -- [...truncated 16533 lines...] [INFO] Using 'UTF-8' encoding to copy filtered resources. [INFO] Copying

Re: [Geoserver-devel] Security issue in CSW, security filters are being ignored

2016-09-16 Thread Andrea Aime
Hi, I actually also coded the "wrap the facade" path which has no interface breaking changes: https://github.com/geoserver/geoserver/pull/1823 The SecureCatalogFacade is not a pretty sight, but changes are otherwise much more contained Cheers Andrea On Fri, Sep 16, 2016 at 12:46 PM, Andrea Aim

Re: [Geoserver-devel] Who changed my data or is it sane to have WFS-T open to all by default?

2016-09-16 Thread Ben Caradoc-Davies
+1. Open WFS-T should not be the default. Kind regards, Ben. On 16/09/16 21:27, Andrea Aime wrote: > Hi Simone, > yep, I like this approach a lot better than shutting down WFS-T altoghether. > We should check, hopefully the desktop clients will just pop up a > auth dialog when transaction is refu