Expose metrics to non-admins #3344
@erasche @peterjc is this just the path which we care about? Why do we not replace the path with a placeholder for non-admins? Every job should know the job_working_directory so we can simply .replace('job_working_directory', '[hidden path]'). If this is still too insecure because of databases and data from loc files we could replace all paths with a regex?
@erasche The default deployment should reveal as little information as necessary about the configuration of the deployment. This is a fairly traditional approach to securing web applications. Certainly the attacks I can imagine in your described situation are contrived - but if we succeed in pushing Galaxy into more and more sensitive areas of the field there are going to be continued pushes to lock down information exposure. We've already received some in the past.
@bgruening This would be incomplete unless the regex was so expansive that the result would be quite confusing. I prefer the current approach.
I'm +1 now that these changes have been made - can everyone agree this is at least a step forward?
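
Added example, not part of the thread and not Galaxy's code: a sketch of the two redaction ideas raised above (literal replacement of the job working directory versus a regex over every absolute path), showing what each one still exposes to a non-admin. The function names, the regex, the tool name and the sample command line are all constructed for illustration.

```python
import re

PLACEHOLDER = "[hidden path]"

# Constructed sample: a job command line as an admin would see it.
JOB_WORKING_DIRECTORY = "/srv/galaxy/jobs/000/123"
COMMAND_LINE = (
    "cd /srv/galaxy/jobs/000/123 && "
    "some_tool --index /data/indexes/hg19/hg19 "
    "--input /srv/galaxy/files/000/dataset_42.dat "
    "--output /srv/galaxy/jobs/000/123/outputs/out.sam"
)

# An absolute POSIX path: a '/' that does not continue a word, a dotted
# name or the placeholder's closing ']', then slash-separated components.
ABS_PATH = re.compile(r"(?<![\w.\]])/(?:[\w.+-]+/)*[\w.+-]+")


def redact_working_dir(text, working_dir):
    """Approach 1: replace only the job's own working directory."""
    return text.replace(working_dir, PLACEHOLDER)


def redact_all_paths(text):
    """Approach 2: replace every absolute path the regex recognises."""
    return ABS_PATH.sub(PLACEHOLDER, text)


def leaked_paths(text):
    """Absolute paths still visible after redaction."""
    return ABS_PATH.findall(text)


if __name__ == "__main__":
    partial = redact_working_dir(COMMAND_LINE, JOB_WORKING_DIRECTORY)
    print(partial)
    print("still exposed:", leaked_paths(partial))
    # The blanket regex leaks nothing here, but every argument collapses
    # to the same placeholder, so inputs and outputs are indistinguishable.
    print(redact_all_paths(COMMAND_LINE))
```

With the literal replacement, the index location and the dataset storage path remain visible; with the blanket regex, nothing leaks in this sample but the command line no longer tells the user which file was which.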