[ https://issues.apache.org/jira/browse/OFBIZ-2074?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-2074:
-----------------------------------

    Attachment:     (was: requesthandler.patch)

> Grey list feature for confidential data access
> ----------------------------------------------
>
>                 Key: OFBIZ-2074
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-2074
>             Project: OFBiz
>          Issue Type: New Feature
>          Components: ALL COMPONENTS
>    Affects Versions: SVN trunk
>         Environment: NA
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Minor
>         Attachments: ProtectedView.patch, ProtectedView.patch, ProtectedView.patch, ProtectedView.patch
>
>   Original Estimate: 20h
>          Time Spent: 19h
>  Remaining Estimate: 1h
>
> The goal is to avoid, as much as possible, confidential data leakage.
> This feature will disallow access for a period of time to a view if this view is accessed more than a number of times in a period of time. This will prevent confidential data thievery done from a compromised login/pwd couple.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[ https://issues.apache.org/jira/browse/OFBIZ-2074?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-2074:
-----------------------------------

    Attachment: ProtectedView.patch

A new patch after some of Ray's comments, only removed some remaining unused code.

[ https://issues.apache.org/jira/browse/OFBIZ-2074?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-2074:
-----------------------------------

    Attachment: ProtectedView.patch

Ray contributed a default view which appears when a view/login couple is blocked. I will commit this soon if nobody sees a problem with it.

[ https://issues.apache.org/jira/browse/OFBIZ-2074?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-2074:
-----------------------------------

    Attachment: ProtectedView.patch

When I applied Ray's patch on my patch I noticed that one line slipped in as a duplicate (not sure why, should not be normally). It was

protect-view.preprocessor=java.org.ofbiz.webapp.control.ProtectViewWorker.checkProtectedView

But another, a lot more annoying, also slipped in as a duplicate

<event type="java" path="org.ofbiz.webapp.control.ProtectViewWorker" invoke="checkProtectedView"/>

Hence the control was done twice. It's fixed in this last patch.

I also added a reset to 0 of the value of the static Map hitsByViewAccessed for the view when the view/login is tarpitted. This allows the admin to reset the login/view couple by putting 0 in the TarpittedLoginView.tarpitReleaseDateTime field. I did not create a UI for that since using Entity Data Maintenance sounds just fine.

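The mechanism discussed in this thread (a hit counter per login/view pair, a block period once the threshold is passed, the counter reset on tarpitting, and an admin release by zeroing the release time), as an added example that is not part of ProtectedView.patch or of OFBiz. The class `ViewTarpit`, its methods, the thresholds and the login/view names are hypothetical.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration with hypothetical names; not OFBiz's ProtectViewWorker.
public class ViewTarpit {
    private static final class State {
        long windowStart; // start of the current counting window (ms)
        int hits;         // hits counted in that window
        long releaseAt;   // 0 = not tarpitted, otherwise time (ms) access resumes
    }

    private final int maxHits;
    private final long windowMs, tarpitMs;
    private final Map<String, State> states = new ConcurrentHashMap<>();

    public ViewTarpit(int maxHits, long windowMs, long tarpitMs) {
        this.maxHits = maxHits; this.windowMs = windowMs; this.tarpitMs = tarpitMs;
    }

    private static String key(String login, String view) { return login + '\0' + view; }

    /** True if the view may be rendered; false if the blocked view should be shown. */
    public boolean allow(String login, String view, long now) {
        State s = states.computeIfAbsent(key(login, view), k -> new State());
        synchronized (s) {
            if (s.releaseAt != 0 && now < s.releaseAt) return false; // still tarpitted
            s.releaseAt = 0;                     // expired, or zeroed by an admin
            if (now - s.windowStart >= windowMs) { s.windowStart = now; s.hits = 0; }
            if (++s.hits > maxHits) {
                s.releaseAt = now + tarpitMs;    // block this login/view pair
                s.hits = 0;                      // counter reset when tarpitted
                return false;
            }
            return true;
        }
    }

    /** Admin release: the analogue of storing 0 as the release time. */
    public void release(String login, String view) {
        State s = states.get(key(login, view));
        if (s != null) synchronized (s) { s.releaseAt = 0; }
    }

    public static void main(String[] args) {
        ViewTarpit t = new ViewTarpit(3, 60_000, 300_000); // constructed thresholds
        long now = 1_000_000;
        for (int i = 1; i <= 4; i++)                        // 4th hit in the window trips it
            System.out.println("hit " + i + ": " + t.allow("alice", "ViewPayment", now += 1_000));
        System.out.println("other view: " + t.allow("alice", "ViewOrder", now));
        System.out.println("10 s later: " + t.allow("alice", "ViewPayment", now += 10_000));
        t.release("alice", "ViewPayment");
        System.out.println("after release: " + t.allow("alice", "ViewPayment", now));
    }
}
```

Keying on the login/view pair means a tripped threshold blocks only that account's access to that view, so other users and other views stay available.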
[ https://issues.apache.org/jira/browse/OFBIZ-2074?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-2074:
-----------------------------------

    Attachment: ProtectedView.patch

In this last version I added one of Ray's suggestions: take advantage of the properties file cache for the default blocked view property. I think it will be the last version and committed soon.

[ https://issues.apache.org/jira/browse/OFBIZ-2074?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux closed OFBIZ-2074.
----------------------------------

       Resolution: Fixed
    Fix Version/s: SVN trunk

Committed in trunk revision: 727508