  1. Atlas Module
  2. ATLAS-205

Do not expose data payloads sent from module directly

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Must
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Complexity:
      Low

      Description

      We should remove the data attribute when returning marker data from the API. The Atlas module reports which modules are running, operating system details, etc. that sites share with us with the understanding that these will be used for aggregate reporting. Exposing these for individual sites puts them at unnecessary risk (e.g., if a security flaw is identified in a specific version of a module and we are exposing these data, the Atlas could be used to create a list of targets).

      We will expose these data through the API through report resources (e.g., aggregate counts of module usage) or for an administrator exporting the data, but we do not want to expose these data in a way that can be connected to a specific marker by someone who is not an administrator.
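The behaviour requested above, sketched as an added example; this is not the Atlas project's own code. It uses a field allowlist rather than deleting `data`, so fields added later stay private by default. Every name except `data` (the marker fields, the `isAdmin` flag, the function names) is an assumption, and the sample markers are constructed.

```javascript
// Constructed sample markers; only the `data` attribute comes from the ticket.
const markers = [
  { id: 'm1', name: 'Clinic A', latitude: 1.2, longitude: 36.8,
    data: { os: 'Linux', modules: [{ id: 'atlas', version: '2.1' },
                                   { id: 'reporting', version: '1.0' }] } },
  { id: 'm2', name: 'Clinic B', latitude: -3.4, longitude: 29.3,
    data: { os: 'Windows', modules: [{ id: 'atlas', version: '2.0' }] } },
  { id: 'm3', name: 'Clinic C', latitude: 9.0, longitude: 38.7 } // never reported
];

// Fields any caller may see (hypothetical names). Anything not listed here,
// including `data`, is left out of the response.
const PUBLIC_FIELDS = ['id', 'name', 'latitude', 'longitude'];

// Build the API representation of one marker. The module payload is
// attached only for an authenticated administrator.
function serializeMarker(marker, user) {
  const out = {};
  for (const field of PUBLIC_FIELDS) {
    if (field in marker) out[field] = marker[field];
  }
  if (user && user.isAdmin === true && marker.data !== undefined) {
    out.data = marker.data;
  }
  return out;
}

// Report resource: number of sites running each module. The result holds
// module ids and counts only, nothing that links back to a marker.
function moduleUsageReport(allMarkers) {
  const counts = Object.create(null); // no inherited keys to collide with
  for (const marker of allMarkers) {
    const modules = (marker.data && marker.data.modules) || [];
    // Count each site once per module, even if it is listed twice.
    for (const id of new Set(modules.map((m) => m.id))) {
      counts[id] = (counts[id] || 0) + 1;
    }
  }
  return counts;
}

console.log(markers.map((m) => serializeMarker(m, null)));
console.log(moduleUsageReport(markers));
```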

            People

            Assignee:
            heliostrike Sai Sandeep Mutyala
            Reporter:
            burke Burke Mamlin
