cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geoff Howard <coc...@leverageweb.com>
Subject Re: cocoon-view as possible security problem?
Date Fri, 21 Mar 2003 12:32:03 GMT
At 03:19 AM 3/21/2003, you wrote:
>Stefano Mazzocchi wrote:
>
>>Tony Collen wrote:
>>
>>>Browsing the livesites, on a whim I tried this URL:
>>>
>>>http://dir.salon.com/?cocoon-view=content
>>>
>>>and it worked!  Obviously someone deploying Cocoon should be aware that
>>>this view is "on" by default, and may reveal data in your page you might
>>>not want.  I have yet to see "bad" data get exposed, but there's always
>>>the possibility.
>>
>>
>>Well, the cocoon "view" was designed to be a standard way for external 
>>crawlers or spiders to gather 'semantically meaningful' data from URLs 
>>served by cocoon.
>>
>>yes, there is the possibility of bad data exposed.
>>

<snip/>

>>So, at the end, I would do:
>>
>>1) turn off views from the default sitemap. NOTE: this will turn off the 
>>ability to make static snapshots of your webapp from the cocoon CLI!
>>
>>2) write a pretty detailed comment in the default sitemap telling what 
>>views are, how they work briefly and what potential security issues do 
>>they make.
>>
>>3) keep the view parameter name hardcoded as it is.
>>
>>Thoughts? anybody against this?
>
>
>What about simply adding an IP matcher in the view that would restrict 
>access to the view to a reserved set of clients (localhost by default), 
>and direct others to a nice page, or simply a 404 error ? This would leave 
>the door open to local debugging and crawnling, and would firmly close it 
>to remote "attacks".

I don't see any need for #1 because
- isn't it used by a lot of samples?
- it gives the impression that they are not meant to be public and normally 
expose dangerous data (which they don't - probably)

  If the warning is there, and information/ability is provided on 
strategies to secure views (like Sylvain's good suggestion) that's enough IHMO.

By the way, I think there are bigger security problems in cocoon...

Geoff 


Mime
View raw message