Improve security #286

Open
green3g opened this issue May 13, 2020 · 0 comments
green3g commented May 13, 2020

This idea is to improve overall security using additional layer views. Issues that could potentially arise with current security:

  • Public can approve their own data (layer views are not set to hide this)
  • Public can modify any of the records and associated data
  • Public can access individual user data, email, phone, name, etc.

Solutions:

Restrict access to private user data

User data, such as email, phone, etc., should be submit-only via the public layer view. They should not be queryable, and should certainly not be editable. The default layer view for creating data should be modified to be submit-only. No updates allowed.

An additional layer view should be created for querying geometry and comments.

Restrict editing on existing data

Only fields that need to be editable should be allowed to be edited (number of likes). There should be an additional layer view allowing updates only to this field.

Document security best practices

Lots of users won't realize that their data can be easily dropped into a web map and modified. Good security practices and instructions should be provided for users.
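The three-view split proposed above can be checked mechanically. The following is an added example, not part of the original issue or the project's code: the view names, field names (`approved`, `comments`, `geometry`) and the dictionary layout are hypothetical stand-ins for whatever the hosting platform reports for each publicly shared layer view.

```python
PII = {"email", "phone", "name"}   # private fields named in the issue
UPDATABLE_OK = {"likes"}           # the only field the issue wants editable
ALL = PII | {"geometry", "comments", "likes", "approved"}  # assumed schema

# Constructed sample: a single wide-open public view (the problem described).
CURRENT = {
    "public": {"ops": {"create", "query", "update", "delete"},
               "readable": ALL, "updatable": ALL},
}
# Constructed sample: the three restricted views the issue proposes.
PROPOSED = {
    "submit": {"ops": {"create"}, "readable": set(), "updatable": set()},
    "read": {"ops": {"query"},
             "readable": {"geometry", "comments", "likes"}, "updatable": set()},
    "likes": {"ops": {"query", "update"},
              "readable": {"likes"}, "updatable": {"likes"}},
}

def audit(views):
    """Return (view, problem) pairs for every rule a public view breaks."""
    findings = []
    for name, v in views.items():
        ops = v["ops"]
        if "create" in ops and ops != {"create"}:
            findings.append((name, "create view is not submit-only"))
        if "delete" in ops:
            findings.append((name, "public delete allowed"))
        if "query" in ops:
            leaked = sorted(v["readable"] & PII)
            if leaked:
                findings.append((name, "queryable private fields: " + ", ".join(leaked)))
        if "update" in ops:
            extra = sorted(v["updatable"] - UPDATABLE_OK)
            if extra:
                findings.append((name, "updatable beyond likes: " + ", ".join(extra)))
    return findings

if __name__ == "__main__":
    for label, views in (("current", CURRENT), ("proposed", PROPOSED)):
        print(label, audit(views) or "no findings")
```

The `approved` field appearing under "updatable beyond likes" corresponds to the first problem in the list: the public being able to approve their own data.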
