Changes

Jump to: navigation, search

Talk:GEPS 013: Gramps Webapp

1,237 bytes added, 16:43, 31 October 2013
m
Security
* Ability to make a given user an admin, so they can access and edit server settings and user accounts (perhaps separate settings for server and user admin?).
* Revision control. Like this wiki, the ability to retrieve the history of any given database object, and see what changes were made, when, and by whom.
* Gramps hardening. Once we expose Gramps online, even in a supposedly "read-only" mode, and let anyone out there submit inputs to it, we open ourselves to lots of well-known exploit techniques, like any other web application out there. We have to protect the server capacity resources (CPU, data, and bandwidth), server assets (data - so that we don't have, e.g., an option in the web app that allows to leak data from the DB or the server's filesystem), clients (so that we don't make it easier to attack somebody else or extract data from a client's web browser in a multi-staged attack), other servers (so that, for instance, some webapp command doesn't cause our webapp to make a DoS attack against another machine), etc. Some of the threats might be mitigated by the appropriate Django mechanisms, but I haven't looked deeply. Last, but not the least, we need regression testing assuring that the security guarantees set forward by the features in the bullets above actually hold (e.g., that only the administrator may change the server settings and provision other user accounts).
 
This means we need security threat modelling, penetration testing, and a security code audit. Until then, I wouldn't recommend anybody to deploy it live.
There are surely plenty of other possible capabilities, but these are what come to mind right now as being most important for preserving the privacy and integrity of the data.
== GeoView like ==
Maybe it can also be possible to implement a GeoView like (Gramps-Gtk program) ?
There is a nice [http://savannah.nongnu.org/projects/maposmatic/ project] using Django framework and a Python module for generating maps of cities or towns, including index of streets, from OpenStreetMap data. There is some samples (around the world) on [http://www.maposmatic.org/ this page ].
== Where are they ? ==
Hi,
I added a well known (for french) collaborative database, which uses Geneweb engine as additionnal sample.
== Old issues ==
* [http://tomlowshang.blogspot.fr/2010/12/gramps-web-app.html Default locale and build]
:''It seems to be fixed on last versions''?
296
edits

Navigation menu