Uploaded image for project: 'Atlas Module'
  1. Atlas Module
  2. ATLAS-205

Do not expose data payloads sent from module directly

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Must
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      We should remove the data attribute when returning marker data from the API. The Atlas module reports which modules are running, operating system details, etc. that sites share with us with the understanding that these will be used for aggregate reporting. Exposing these for individual sites puts them at unnecessary risk (e.g., if a security flaw is identified in a specific version of a module and we are exposing these data, the Atlas could be used to create a list of targets).

      We will expose these data through the API through report resources (e.g., aggregate counts of module usage) or for an administrator exporting the data, but we do not want to expose these data in a way that can be connected to a specific marker by someone who is not an administrator.

        Gliffy Diagrams

          Attachments

            Activity

              People

              Assignee:
              heliostrike Sai Sandeep Mutyala
              Reporter:
              burke Burke Mamlin
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: