stanbol-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reto Bachmann-Gmür <r...@apache.org>
Subject Re: [POLL] make "-no-security" the default
Date Fri, 05 Apr 2013 19:56:45 GMT
On Fri, Apr 5, 2013 at 2:36 PM, Rupert Westenthaler <
rupert.westenthaler@gmail.com> wrote:

>
> Including the Security Modules, but with -no-security as default
> (basically by adding an option -enable-security)
>

So you did not encounter any problem in the stable launcher which has a
security manager but not the authenticating bundles. Good.

>
>
> > What's not functioning?
> >
> > *Want To Fix*
>
> The dev.iks-project.eu server was running for some time with security
> enabled. From what I can remember all Engines for remote services
> where failing because they where not allowed to connect to those hosts
> - Zemanta, Calai, Celi, Spotlight.


A quick fix would be about assigning the network connection to the
anonymous user. But if user can execute code this would make it an open
proxy. Another work-around would be a setting "execute enhancer engines as
privileged" so that the discussion could be about enabling this more
specific setting rather than about disabling security alltogether.


> I would also expect the
> FileContentItem implementation (enhancer.core) to fail creating the
> temporary files.

We discussed this. As there is no specific permission for temporary file
this should be done in a privileged code block.


> The EntityDereferencer and EntitySearcher
> implementation of the Entityhub for SPARQL and CoolURI
> (entityhub.site.linkeddata). But there might be additional one -
> especially from other Stanbol Components (e.g. the CMS Adapter might
> be affected)
>
This issues are exactly the kind of issues the "smoke detector" is for.
Feel free to assign issues to me if something can't be fixed by the module
maintainers.

Cheers,
Reto

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message