SDC and permitted URLs Security

SDC and permitted URLs Security

Srini S
After running the Restlet SDC extension, we found that irrespective of the permitted URLs configured in the SDC agent's resource configuration, all URLs within the network were being allowed. The SDC documentation states the following: "SDC helps let you set rules for what resources your users can access using Google Apps. These rules are uploaded to Google Apps and enforced there, so that specified users in your domain can access resources behind the company's firewall". Refer to the link here: http://code.google.com/securedataconnector/docs/1.3/security.html

Looks like Restlet is not enforcing this and all URLs are being permitted.  Is a fix planned for this?

Regards
Srini

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2884191

RE: SDC and permitted URLs Security

jlouvel
Administrator
Hi Srini,

Currently, those rules aren't enforced on the client-side of the tunnel. You
should use regular Restlet authorization filters to achieve a similar result
and in any case, add complementary checks on the server-side.

Could you enter an issue in the tracker for this? Any help on this front
would also be welcome.

Best regards,
Jerome
--
http://www.restlet.org
http://twitter.com/#!/jlouvel


-----Original Message-----
From: Srini S [mailto:[hidden email]]
Sent: Tuesday, 22 November 2011 05:51
To: [hidden email]
Subject: SDC and permitted URLs Security

After running the Restlet SDC extension, we found that irrespective of the
permitted URLs configured in the SDC agent's resource configuration, all
URLs within the network were being allowed. The SDC documentation states
the following: "SDC helps let you set rules for what resources your users
can access using Google Apps. These rules are uploaded to Google Apps and
enforced there, so that specified users in your domain can access resources
behind the company's firewall". Refer to the link here:
http://code.google.com/securedataconnector/docs/1.3/security.html

Looks like Restlet is not enforcing this and all URLs are being permitted.
Is a fix planned for this?

Regards
Srini

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2884191

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2885141
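
A sketch of the kind of Restlet authorization filter suggested in the reply above, added here as an example; it is not code from this thread or from the Restlet SDC extension. The class name, the prefix-style rule format and the sample host are assumptions, and the SDC agent's own rule syntax is not reproduced.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.security.Authorizer;

// Hypothetical default-deny allowlist filter (added example, not the project's own code).
public class PermittedUrlAuthorizer extends Authorizer {
    private final List<URI> permitted = new ArrayList<URI>();

    // Assumed rule format: absolute URL prefixes such as
    // "http://intranet.example.test/reports/" (constructed sample value).
    public PermittedUrlAuthorizer(List<String> prefixes) {
        for (String p : prefixes) {
            URI rule = URI.create(p).normalize();
            if (!rule.isAbsolute() || rule.getHost() == null)
                throw new IllegalArgumentException("rule must be an absolute URL: " + p);
            permitted.add(rule);
        }
    }

    @Override
    protected boolean authorize(Request request, Response response) {
        if (request.getResourceRef() == null) return false;
        URI target;
        try {
            // normalize() collapses "." and ".." so "/reports/../admin" is judged as "/admin".
            target = URI.create(request.getResourceRef().toString()).normalize();
        } catch (IllegalArgumentException e) {
            return false; // unparseable target: deny
        }
        for (URI rule : permitted)
            if (matches(rule, target)) return true;
        return false; // default deny; Authorizer then answers 403 Forbidden
    }

    static boolean matches(URI rule, URI target) {
        if (target.getHost() == null || target.getPath() == null) return false;
        if (!rule.getScheme().equalsIgnoreCase(target.getScheme())) return false;
        if (!rule.getHost().equalsIgnoreCase(target.getHost())) return false;
        // Ports compare literally: a rule without a port does not admit an explicit ":80".
        if (rule.getPort() != target.getPort()) return false;
        String path = target.getPath(); // decoded, so "%2e%2e" shows up as ".."
        for (String seg : path.split("/"))
            if (seg.equals("..")) return false; // leftover or encoded traversal: deny
        String prefix = rule.getPath();
        // Match on a segment boundary so "/reports" does not admit "/reports-private".
        return path.equals(prefix) || path.startsWith(prefix.endsWith("/") ? prefix : prefix + "/");
    }
}
```

The filter is placed in front of the protected Restlet with `setNext(...)`; the same rule list should also be checked on the server side, as the reply recommends.
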

RE: SDC and permitted URLs Security

Srini S
Hi Jerome

That's right.  We will implement some changes on the server to handle this.  I will get in touch with you to discuss this further and to see how we can help.

Additionally we also want to implement some changes for the heartbeat.

I have also reported an issue in the tracker.

Regards
Srini

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2886078