      Description

      By default GeoServer will allow full WFS transactions, letting anyone who can access the server edit and delete data. This leads to many GeoServers running with that configuration without their administrators knowing. One can trivially find many such servers, run by companies, universities, government agencies, free projects, etc.

      Of course this could be considered an oversight on the user's part, but I would highly suggest safe, restrictive defaults. Users (including me) are "stupid" and will use whatever works, ignoring possible problems in features they do not use.

      Please do not allow WFS transactions by default.

      I assume that this will apply to other services as well, but only looked at WFS. Please spread it to other parts of GeoServer as needed.

            People

            • Assignee:
              nmco Nuno Oliveira
              Reporter:
              oqi73bo Anonymous
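
An administrator's check for the condition this issue describes, added here as an example (it is not part of the original report or of GeoServer's code): it reads WFS capabilities documents already saved from your own server and flags those that advertise the Transaction operation. The sample documents, their names and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def transaction_advertised(capabilities_xml):
    """True if a WFS capabilities document advertises the Transaction operation."""
    # Refuse DTDs so entity-expansion tricks in a response never reach the parser.
    if "<!DOCTYPE" in capabilities_xml:
        raise ValueError("unexpected DOCTYPE in capabilities document")
    root = ET.fromstring(capabilities_xml.strip())
    for el in root.iter():
        name = _local(el.tag)
        # WFS 1.1.0 / 2.0.0 layout: <ows:Operation name="Transaction">
        if name == "Operation" and el.get("name") == "Transaction":
            return True
        # WFS 1.0.0 layout: <Capability><Request><Transaction>
        if name == "Request" and any(_local(c.tag) == "Transaction" for c in el):
            return True
    return False

def flagged(documents):
    """Sorted names of the documents (name -> XML text) that advertise Transaction."""
    return sorted(n for n, xml in documents.items() if transaction_advertised(xml))

# Constructed sample documents, trimmed to the elements the check reads.
WFS20_DEFAULT = """<wfs:WFS_Capabilities version="2.0.0"
    xmlns:wfs="http://www.opengis.net/wfs/2.0" xmlns:ows="http://www.opengis.net/ows/1.1">
  <ows:OperationsMetadata>
    <ows:Operation name="GetFeature"/>
    <ows:Operation name="Transaction"/>
  </ows:OperationsMetadata>
</wfs:WFS_Capabilities>"""
WFS20_BASIC = WFS20_DEFAULT.replace('<ows:Operation name="Transaction"/>', "")
WFS10_DEFAULT = """<WFS_Capabilities version="1.0.0" xmlns="http://www.opengis.net/wfs">
  <Capability><Request><GetFeature/><Transaction/></Request></Capability>
</WFS_Capabilities>"""
SAMPLES = {"wfs-2.0.0-default": WFS20_DEFAULT, "wfs-2.0.0-basic": WFS20_BASIC,
           "wfs-1.0.0-default": WFS10_DEFAULT}

if __name__ == "__main__":
    for name in flagged(SAMPLES):
        print(f"{name}: Transaction advertised, review WFS service level and access rules")
```

An advertised Transaction operation means the service is configured to offer writes; whether a given caller's write is accepted still depends on the server's access rules, so treat a hit as a prompt to review both.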