SAMP 1.3 security discussion changes
Mark Taylor
m.b.taylor at bristol.ac.uk
Fri Jul 15 04:45:06 PDT 2011
I've made some security-related adjustments to the Web Profile section
in the SAMP 1.3 WD.

- Discussion of security in section 5.4 somewhat reworked and reduced
  as agreed in Naples, with a note that further research on security
  is ongoing.
- Recommendation that all non-localhost requests to the Web Profile
  hub HTTP server be rejected (403 Forbidden), since there is no
  legitimate access to this server except from the local host.
- Provision that the URL translation service MAY block access to
  sensitive resources (e.g. some parts of the local filesystem)
  for security reasons (403 Forbidden).

You can see the changes on volute
(http://code.google.com/p/volute/source/detail?r=1540).

Comments welcome.

Mark
--
Mark Taylor Astronomical Programmer Physics, Bristol University, UK
m.b.taylor at bris.ac.uk +44-117-928-8776 http://www.star.bris.ac.uk/~mbt/
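
The two 403 rules listed in the message above, sketched as an added example; this is not code from the SAMP working draft, from any hub implementation, or from the post's author. The function names and the `BLOCKED_ROOTS` paths are hypothetical, and blocking only `file:` URLs under a fixed set of directories is an assumed policy.

```python
import ipaddress
import os
from urllib.parse import unquote, urlparse

# Assumed policy value (constructed paths): directories the translator refuses to serve.
BLOCKED_ROOTS = ("/constructed/home/.ssh", "/constructed/etc")


def is_local_peer(peer_host):
    """True only when the TCP peer address is a loopback address.

    Pass the socket's peer address, never a Host or X-Forwarded-For header,
    since request headers are under the client's control.
    """
    try:
        addr = ipaddress.ip_address(peer_host.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return False
    # Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return addr.is_loopback


def translation_blocked(url, blocked_roots=BLOCKED_ROOTS):
    """True when a file: URL resolves inside one of the blocked directories."""
    parts = urlparse(url)
    if parts.scheme != "file":
        return False
    # Decode and resolve first so %2e and ../ cannot step around the check.
    path = os.path.realpath(unquote(parts.path))
    for root in blocked_roots:
        root = os.path.realpath(root)
        if path == root or path.startswith(root + os.sep):
            return True
    return False


def hub_status(peer_host, translate_url=None):
    """HTTP status for a request: 403 for remote peers or blocked resources."""
    if not is_local_peer(peer_host):
        return 403
    if translate_url is not None and translation_blocked(translate_url):
        return 403
    return 200
```

In a real handler, `peer_host` would come from the accepted connection (for example `self.client_address[0]` in Python's `http.server`).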