[Fiware-iot] private documents visible

Juanjo Hierro jhierro at tid.es
Sun Sep 25 23:22:16 CEST 2011


Hi,

  I have taken a look at this issue.

  Apparently, the access to the documents you mention is restricted. Maybe you were clicking on the links above and it worked because you had previously logged in to FusionForge and the session was still open. I tested the access myself for the first document (Cumulocity NSN), first without being logged in to FusionForge and second once I had logged in. The document was only accessible when I was logged in. Without being logged in to FusionForge, a "Permission denied" message is returned.

  What seems to be happening is that private documents are indexed by the Google crawlers (although at the end of the day, they remain inaccessible). This is an issue we should fix. However, let me make the point that no private document has become publicly accessible, which is what really matters. We should fix this asap, but let me say it doesn't seem as critical as it appeared to be.

  Best regards,

-- Juanjo

On 25/09/11 21:41, Ernoe Kovacs wrote:
Small feedback from our side...

... when I explained to some people here working on FI-Ware,
they immediately said this is against the CA. Didn't escalate it yet,
but it is an issue that needs solving. Switching to another tool is
fine.

Please be aware, this is an issue!


- Ernö

From: fiware-iot-bounces at lists.fi-ware.eu [mailto:fiware-iot-bounces at lists.fi-ware.eu] On Behalf Of Farkas, Lorant (NSN - HU/Budapest)
Sent: Friday, 23 September 2011 15:16
To: ext Haller, Stephan; fiware-iot at lists.fi-ware.eu
Subject: Re: [Fiware-iot] private documents visible

Support should say something. Juanjo and Thomas should be on that list.

Br,

Lorant

________________________________
From: ext Haller, Stephan [mailto:stephan.haller at sap.com]
Sent: Friday, September 23, 2011 3:14 PM
To: Farkas, Lorant (NSN - HU/Budapest); fiware-iot at lists.fi-ware.eu
Subject: RE: private documents visible
Who is taking care of this? If this cannot be resolved, we need to switch to another tool.

Regards,
-Stephan

From: fiware-iot-bounces at lists.fi-ware.eu [mailto:fiware-iot-bounces at lists.fi-ware.eu] On Behalf Of Farkas, Lorant (NSN - HU/Budapest)
Sent: Friday, 23 September 2011 15:08
To: fiware-iot at lists.fi-ware.eu
Subject: [Fiware-iot] FW: private documents visible


FYI, careful with the uploads... Setting private does not help.

Br,

Lorant

______________________________________________
From:   Bisztray, Denes (NSN - HU/Budapest)
Sent:   Friday, September 23, 2011 3:07 PM
To:     fiware-support at lists.fi-ware.eu
Cc:     Farkas, Lorant (NSN - HU/Budapest)
Subject:        private documents visible

Hi,

   The supposedly private documents are still reachable from outside. If you search Google for keywords from the docs, it finds them and gives you the link. I believe this is a SERIOUS security problem, please resolve it ASAP.

Evidence:

1. Search for Cumulocity NSN:

http://www.google.fi/#sclient=psy-ab&hl=hu&source=hp&q=Cumulocity+NSN&pbx=1&oq=Cumulocity+NSN&aq=f&aqi=&aql=1&gs_sm=e&gs_upl=4279l4899l2l5159l4l3l0l0l0l0l224l428l2-2l3l0&bav=on.2,or.r_gc.r_pw.&fp=9a24604d477dfd8&biw=1373&bih=728

The third from the bottom is the PRIVATE, supposedly not visible, Architecture document.

2. Trying it with IDAS Telefónica it's even worse:

http://www.google.fi/#sclient=psy-ab&hl=hu&source=hp&q=IDAS+Telef%C3%B3nica&pbx=1&oq=IDAS+Telef%C3%B3nica&aq=f&aqi=&aql=1&gs_sm=e&gs_upl=49626l52101l0l52294l15l12l0l0l0l0l303l2660l0.1.9.1l11l0&bav=on.2,or.r_gc.r_pw.&fp=9a24604d477dfd8&biw=1373&bih=728

It's the third from the top.

Best,
Dénes Bisztray
