Overview
GeoNode offers several means to add resources obtained from remote services and URLs to its catalogue. This simplifies the integration of documents and datasets from external sources, but requires strong attention to security.
GeoNode implements several security layers to keep insecure resources out of its perimeter, but keeping the attack surface as small as possible is the best guarantee of safety.
For this reason, we're aiming to introduce a restriction to the catalogue functionality related to remote resources. The plan is to restrict them to administrators only by default. A configuration will allow them to revert to the current behaviour.
The affected features are:
- Remote documents
- Remote datasets (COGs, FGBs, 3dtiles)
- Remote Services (WMS, ArcGIS)
Technical proposal
For the moment, a single global configuration will switch the restriction on/off. As a working name, let's call it REGISTERED_USERS_CAN_ADD_REMOTE_RESOURCES.
This configuration will be read inside the PermissionsHandlerRegistry.get_db_perms_by_user() method and a new synthetic add_remote_resource will be added to the permissions for the current user.
The set of permissions will be returned automatically by the /users API, and the client can use it to handle the frontend tools (like action menus for Remote Services, and the "Add from URL" tab inside the upload pages).
In the future we can decide to handle the settings as a real permission that can be assigned to users and groups.
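The gating logic described in the proposal, as an added illustration that is not GeoNode's own code: the real signature of `PermissionsHandlerRegistry.get_db_perms_by_user()` is assumed, and the `User` dataclass and `enforce_remote_add()` helper are hypothetical stand-ins. It also shows the server-side check that has to accompany the frontend toggling, since hiding the "Add from URL" tab is not enforcement.

```python
from dataclasses import dataclass

# Default per the proposal: remote resources are admin-only unless an operator
# explicitly re-enables the previous behaviour through this setting.
REGISTERED_USERS_CAN_ADD_REMOTE_RESOURCES = False

# The synthetic permission name from the proposal.
REMOTE_RESOURCE_PERM = "add_remote_resource"


@dataclass
class User:
    """Hypothetical minimal user model (assumption, not GeoNode's)."""
    username: str
    is_authenticated: bool = True
    is_superuser: bool = False
    is_active: bool = True


@dataclass
class PermissionsHandlerRegistry:
    """Hypothetical stand-in for the registry named on the page."""
    registered_users_can_add_remote: bool = REGISTERED_USERS_CAN_ADD_REMOTE_RESOURCES

    def get_db_perms_by_user(self, user, base_perms=None):
        """Return the user's permissions plus the synthetic remote-resource perm."""
        perms = set(base_perms or [])
        if user.is_active and user.is_superuser:
            # Administrators keep the capability regardless of the setting.
            perms.add(REMOTE_RESOURCE_PERM)
        elif user.is_active and user.is_authenticated and self.registered_users_can_add_remote:
            # Registered users get it only when the operator opted back in.
            perms.add(REMOTE_RESOURCE_PERM)
        # Anonymous or inactive users never receive it.
        return sorted(perms)


def can_use_add_from_url(perms) -> bool:
    """Client-side check, e.g. to show or hide the 'Add from URL' tab."""
    return REMOTE_RESOURCE_PERM in perms


def enforce_remote_add(registry, user):
    """Server-side gate for the remote document/dataset/service endpoints.

    Raise if the user lacks the permission; the UI toggle alone is not enforcement.
    """
    if REMOTE_RESOURCE_PERM not in registry.get_db_perms_by_user(user):
        raise PermissionError(f"{user.username} may not add remote resources")
    return True
```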