You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is no whitelist implemented in the current collectory server. Whitelists are fragile and are already overused in the ALA security model (both logger and auth rely completely on them).
The connectionParameters variable should only be shown to authenticated (apikey) users and access to the /upload/ directory should also be protected by apikey access.
There is no authentication/security required for accessing the different fields in the dataresource info API such as : http://collections.ala.org.au/ws/dataResource/dr361
This makes critical information (specially connection properties visible to everyone).
connectionParameters
and.gbifRegistryKey
The text was updated successfully, but these errors were encountered: