Is anyone aware f any known vulnerabilities with OpenRefine?
--
You received this message because you are subscribed to the Google Groups "OpenRefine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openrefine+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
To unsubscribe from this group and stop receiving emails from it, send an email to openrefine+unsubscribe@googlegroups.com.
The "issue" mentioned by David Leoni isn't actually an issue at all because the Refine server is started by the user who's accessing it, so has the same credentials and privileges that the user has. Any damage done using Refine could be done by the user using Python or any other tool that they invoke.
Tom--
On Fri, Nov 4, 2016 at 1:54 PM, David Leoni <david.l...@gmail.com> wrote:
There is one obvious security issue. Since Refine allows users to execute unrestricted Python scripts via Jython for performing data transformations, a malicious user can easily run scripts of his choice, with the same OS privileges the process running Refine has. This is especially a problem when exposing Refine to users via web, which is not the main Refine user case, though.
I thought about a couple of workarounds (but I'm no security expert):- just disable Python scripting (easy, and you can still do more secure scripting with GREL)- sandboxing Python (maybe hard, I've never done it)
Regards,David
Il giorno giovedì 3 novembre 2016 15:59:23 UTC+1, Thad Guidry ha scritto:None that have been reported to us.
As with any locally installed software, your data is only secure as the level of paranoia and precautions you take with any other software. Firewalls, malware/virus, encryption, etc.
If you have concerns, or other questions surrounding security of your local data, we would be more than happy to answer them.
On Wed, Nov 2, 2016 at 5:50 PM <resear...@gmail.com> wrote:
Is anyone aware f any known vulnerabilities with OpenRefine?--
You received this message because you are subscribed to the Google Groups "OpenRefine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openrefine+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "OpenRefine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openrefine+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
You received this message because you are subscribed to a topic in the Google Groups "OpenRefine" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/openrefine/ktOramKclsI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to openrefine+...@googlegroups.com.