Problems with http-PUT and http-DELETE methods

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Problems with http-PUT and http-DELETE methods

Tanja
Hello,

we had in our company a security test for the geonetwork. It shows that we
had some problems with open
 http-PUT and http-DELETE methods. The http-PUT and http-DELETE methods are
open in the path /geonetwork/srv/api and selections. I’m not sure if this is
a problem by geonetwork or with our server. Maybe you can tell me if these
methods necessary for geonetwork or how it is possible to not allow these
methods?

Thank you.

Kind regards,
Tanja




--
Sent from: http://osgeo-org.1560.x6.nabble.com/GeoNetwork-users-f3860293.html


_______________________________________________
GeoNetwork-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geonetwork-users
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork
Reply | Threaded
Open this post in threaded view
|

Re: Problems with http-PUT and http-DELETE methods

Francois Prunayre
Hi, If you remove PUT/DELETE from the api/selections then you just drop the
selection mechanism. So it is probably not a good idea!

Cheers.

Francois

Le ven. 15 nov. 2019 à 11:12, Tanja <[hidden email]> a
écrit :

> Hello,
>
> we had in our company a security test for the geonetwork. It shows that we
> had some problems with open
>  http-PUT and http-DELETE methods. The http-PUT and http-DELETE methods are
> open in the path /geonetwork/srv/api and selections. I’m not sure if this
> is
> a problem by geonetwork or with our server. Maybe you can tell me if these
> methods necessary for geonetwork or how it is possible to not allow these
> methods?
>
> Thank you.
>
> Kind regards,
> Tanja
>
>
>
>
> --
> Sent from:
> http://osgeo-org.1560.x6.nabble.com/GeoNetwork-users-f3860293.html
>
>
> _______________________________________________
> GeoNetwork-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/geonetwork-users
> GeoNetwork OpenSource is maintained at
> http://sourceforge.net/projects/geonetwork
>

_______________________________________________
GeoNetwork-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geonetwork-users
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork