Hardening a GeoNode Project – Some considerations about container security and optimization - TIB AV-Portal

Hardening a GeoNode Project – Some considerations about container security and optimization

00:00

0

Related Material

Open Source Geospatial Foundation (OSGeo)

Mota, Carlos Eduardo

Formal Metadata

Title

Hardening a GeoNode Project – Some considerations about container security and optimization

Title of Series

FOSS4G Firenze 2022

Number of Parts

351

Author

Mota, Carlos Eduardo

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/68960 (DOI)

Publisher

Open Source Geospatial Foundation (OSGeo)

Release Date

Language

Production Year

2022

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

The GeoNode, according to the project's website, is a platform for managing and publishing geospatial data. It brings together mature and stable open source software projects into a consistent, easy-to-use interface, allowing non-specialist users to share data and create interactive maps. In Brazil there is a growing use of GeoNode, observed mainly in governmental institutions and universities. One of the main ways of installing and configuring GeoNode is the so-called Geonode Project. It consists of a custom Django Project template, which contains, in addition to the main project files, a set of Dockerfiles of GeoNode components, such as GeoServer, Nginx (reverse proxy) and PostGIS. From a detailed analysis of the components of the GeoNode Project created, it was found that the original dockerfiles contain a series of security holes and also unnecessary packages for the execution of the stack, not recommended for production environments. A Dockerfile that follows best practices eliminates the need to run privileged containers (as root), the use of unnecessary packages, leaked credentials, like mail passwords or database DSNs, or anything that could be used for an attack. Removing known risks in advance will reduce security management work and service overhead. The objective of this talk corresponds to discuss the possible security holes found in the Geonode Project and, with the application of best practices in Dockerfiles, to make it leaner and safer for production environments. For demonstration purposes, there will have a project to be used as an example and will be hosted at GitHub: geonode-br/hardening-geonode-docker.

Keywords

UsecasesAndapplications

FOSS4G Firenze 2022282 / 351

1

23:44

OpenLayers Feature Frenzy

2

03:58

From a national map publication platform to infinity. And beyond, of course.

3

24:10

State of deegree: What's new in 2022

4

16:14

"Earth in Colour" with EarthDaily Analytics

5

19:24

State of MovingPandas: analyze all those tracks (not just GPS)

6

21:33

An introduction to deck.gl for data visualization

7

17:21

Serverless Geospatial

8

14:39

Maps in Motion: Introduction to the STAC Video Extension

9

20:12

Cloud Optimized Point Cloud: Compressed, Geospatial, Lossless and Compatible Data Organization for Analysis Ready Point Cloud Data

10

03:19

Realtime multi-user mapping with MUDraw

11

18:03

Introduction to STAC API plugin in QGIS

12

20:04

OpenLog - Open Source drillhole data visualization in QGIS

13

22:05

State of GeoNode 2022

14

03:00

Cleaning and processing global resource data for game development

15

20:06

MapLibre GL 2.x - JavaScript maps with React, Vue.js, Svelte or Angular

16

21:13

Open Source Point Cloud Semantic Segmentation Using AI/ML

17

13:51

Cloud-Native Geospatial with JavaScript

18

17:19

GeoHealthCheck - QoS Monitor for Geospatial Web Services

19

19:10

HIECTOR: Hierarchical object detector for cost-efficient detection at scale

20

27:05

Data Management in Earth Observation - The Potential of Open Digital Twins of the Earth

21

16:08

Map Kibera Mapping Counties on OpenStreetMap

22

23:19

State of GeoWebCache

23

05:05

Connecting tribes: how we connected the GRASS GIS database natively to GeoServer

24

21:32

GeoNetwork and a11y: Introducing accessibility in OSGeo applications

25

20:45

State of Oskari (for end-users)

26

23:06

Human-in-the-loop Machine Learning with Realtime Model Predictions using GroundWork and Raster Vision

27

15:18

FOSS4G Firenze 2022 - Serving earth observation data with GeoServer: COG, STAC, OpenSearch and more...

28

04:51

The challenges and benefits of implementing OS geo within a large contracting company

29

06:01

Composing Software: Spatial for the JAMstack generation

30

03:17

Exploring Data Interoperability with STAC and the Microsoft Planetary Computer

31

04:36

The Open Source GIS Stack (OSGS)

32

20:13

Crowdsourcing the Future of Government Data: OpenStreetMap in the Public Domain

33

16:53

34

22:58

KartAi – An open living lab for Ai in Norway

35

19:15

Generation of 3D geometries with Artificial Intelligence for the prediction of volumetry of the Urban Code of the City of Buenos Aires

36

05:00

State of Oskari (for developers)

37

20:31

LERC, an innovative compression algorithm for raster data

38

19:15

Serving oblique aerial imagery using STAC and Cloud Optimized Geotiffs

39

22:29

State of GeoPandas and friends

40

25:39

YouthMappers: a global youth movement on open mapping for humanitarian and development action

41

22:49

State of GeoNetwork 2022

42

23:29

The State of Cloud-Native Geospatial

43

04:21

State of TerriaJS

44

19:08

News from actinia - let's STAC!

45

22:03

Streamlining QGIS workflows with PostgreSQL editable views and triggers

46

21:40

STAC Best Practices and Tools

47

27:10

FOSS4G Firenze 2022 - MapStore, a year in review

48

16:11

SkinnyWMS Meteorological Web Map Service

49

12:14

Open source at the European Commission 2022

50

20:48

Revamped INSPIRE Geoportal - Cooking the next generation of spatial data catalogues

51

17:31

EO Open Science Catalogue initiative by ESA

52

22:11

How to join OSGeo (for projects)

53

13:47

FAIR-ization of INSPIRE datasets

54

16:39

The Copernicus Data Store (CopDS) - a reimagining of the Copernicus Climate Change Service (C3S) Climate Data Store (CDS)

55

16:45

OSGeo community interactions

56

20:47

SMASH, state of the art of the digital field mapping project.

57

18:33

Take-Home Messages from Adding Code Quality Measures to GRASS GIS

58

23:55

UN Open GIS Initiative

59

17:48

Google Summer of Code with OSGeo

60

17:54

Openness - a Strategic Choice

61

19:58

Professional field data management with QField

62

22:26

Seamless fieldwork thanks to QFieldCloud

63

05:50

Just Enough GIS: Plugging Lightweight Mobile GIS into an Offline Field Data Collection Platform

64

03:58

The MAPME Initiative: Leveraging the power of open data and FOSS GIS to improve public expenditure in the development aid sector.

65

20:00

Visualizing climate risks for disaster reduction and climate resilience programs – Interactive open-source tools for analysts and decision makers to utilize Earth observation data

66

04:23

GeoPrism Registry - Using Spatial Knowledge Graphs for Managing and Integrating Geographic Data Over Time Across Multiple Information Systems

67

04:43

Geo-commons in France : review of current initiatives

68

18:49

Is it wrong to make money with FOSS4G technology?

69

21:39

Analysing access to UK public rights of way with the QGIS Graphical Modeler

70

21:23

openEO: Open Science for Earth Observation Research

71

17:35

Orfeo ToolBox: open source processing of remote sensing images

72

24:24

Mastering Security with GeoServer and GeoFence

73

04:42

Favoring Opensource Technologies for French Fire Brigades

74

14:48

Towards open and accessible weather forecast data

75

19:54

Implementation of INSPIRE in Lithuania: experience with the transition to FOSS4G

76

27:33

FOSS4G in the Solar System

77

02:10

Development of plugins in QGIS for the management of the Multipurpose Cadastre in the Government of Mexico City

78

15:34

Developing with MapStore; creating a custom dashboard to map crime data

79

17:33

OTB integration in operational processing chains

80

05:29

The Carto 2 Project

81

17:59

Early use of FOSS4G in a space start up

82

26:09

10 years of open-source software in emergency management: the case of the European Flood Awareness Service

83

03:35

10 years in Georepublic and OSGeo

84

18:36

Using QField to manage traffic sign inventory

85

18:25

Identifying new conservation areas: a web multi-criteria approach using Earth Observation and other spatial information

86

20:57

Maplandscape - an open-source geospatial workflow for agricultural landscape monitoring

87

19:00

Introduction to Spatial Data Outputs Platform - OpenStreetMap Galaxy

88

19:43

A vision for INSPIRE: from a traditional SDI to a self-sustainable data ecosystem

89

04:11

IOTA2: large scale land cover mapping operational chain

90

19:34

Redesigning GRASS GIS graphical user interface in a community-driven way

91

18:58

From the field to the desk - end to end mobile data capture in an enterprise environment.

92

21:15

Usage and contribution of FOSS at GISCO

93

19:36

OSGeoLive project report

94

16:26

Geofolio: Making Environmental Data Understandable and Accessible for Everyone

95

17:23

Pedological Information System of Piedmont Region in Italy

96

20:59

MobiDataLab - Labs for prototyping future mobility data sharing solutions

97

17:28

Creating Maps in GeoServer using CSS and SLD

98

19:13

State of GRASS GIS 2022

99

03:44

MapComponents, a new component framework for developing web map applications

100

18:15

QGIS Temporal Controller with WMS-T layers

101

18:23

Teaching GIS Through Geospatially Aware Agent-Based Modeling

102

18:19

Using GRASS GIS in Jupyter Notebooks: An Introduction to grass.jupyter

103

04:52

Automating Generating a Web Map from Online Tabular Data: UC Davis Potential Worksite Exposure Interactive Web Map

104

16:53

MDAL: mesh data in QGIS

105

04:23

EVRYMAP - An extensible web mapping framework based on Angular, NodeJS, Leaflet and Mapserver.

106

17:46

Effortless Aerial Data Management and Sharing: The DroneDB Ecosystem

107

20:27

Geospatial Indexing with Apache Lucene and OpenSearch

108

18:55

Surveying amenities for OSM at scale

109

18:18

DistrictBuilder, or how TopoJSON was the cause of and solution to all of our problems

110

19:59

Update on Modular OGC API Workflows specifications

111

19:43

A Moodle based complex system to teaching spatial data processing

112

24:10

Manipulating text with PostgreSQL - lesser known PG jewels

113

06:11

Web Mapping with Global Map Projections

114

20:57

Aerial Images to Maps: Technological Advancements with OpenDroneMap

115

19:34

Rockfall Quantitative Risk Assessment at a medium-large scale based on FOSS4G tools. An example of applications in the North-Western Alps

116

17:04

pygeofilter: geospatial filtering made easy

117

14:31

PgMetadata - A QGIS plugin to store the metadata of PostgreSQL layers inside the database, and use them inside QGIS

118

20:34

Write once, run anywhere: safe and reusable analytic modules for WebAssembly, Javascript, or more!

119

19:43

Designing dynamic forms in QGIS Desktop with expressions

120

26:47

Postgis Topology to secure data integrity, simple API and clean up messy simple feature datasets.

121

23:35

OpenAerialMap V2 Design and Development

122

04:14

Spatial data processing with workflow engines

123

03:57

Joint ESA-NASA Multi-Mission Algorithm and Analysis Platform (MAAP)

124

04:38

MapStore and geOrchestra, a match made in heaven

125

21:17

Spatio-temporal Database - Creating a high availability easily scalable Spatio-temporal database cluster with Postgres, PostGIS, and timescaleDB!

126

04:24

Geospatial and Apache Arrow: accelerating geospatial data exchange and compute

127

19:41

pycsw project status 2022

128

17:22

QGIS Server into the wild

129

03:58

Styling Natural Earth with GeoServer and GeoCSS

130

18:46

Web mapping at any scale: Bite-size, full-stack cartography with Protomaps + PMTiles open source tools

131

20:53

Political Reapportionment: Drawing Boundaries with QGIS

132

24:46

Status of OTBTF, the Orfeo ToolBox extension for deep learning

133

20:54

Gleo: Reinventing WebGL maps

134

15:00

Lidar classification, accuracy and change detection using the Norwegian open lidar data archive.

135

04:54

Scaling down web mapping

136

04:11

State of GeoBlaze: A Blazing Faster Raster Analysis Engine in Pure JavaScript

137

16:39

The benefits of COG (Cloud Optimized GeoTIFF) outside the cloud

138

14:41

OpenPlains - Is it the new web GRASS?

139

20:09

How to get a good response on stackexchange

140

16:02

QGIS MapTiler plugin v3- vector basemaps & global DEM for 3D terrain

141

20:52

State of OSM in QGIS

142

18:50

pygeoapi project status 2022

143

19:19

State of PDAL 2022

144

04:26

What’s new in geospatial Elasticsearch

145

03:32

A new SQL library to enable spatial analytics in Spark

146

02:57

Liven up your webmaps with custom microanimations

147

19:56

Introducing WIS 2.0 in a box: an open source and open standards platform for international weather, climate and water data discovery, access, and visualization

148

16:43

Geospatial data science for planning education systems

149

04:33

A Python tool for QGIS for gender recognition in street directories

150

22:06

MapServer - Make beautiful maps

151

18:33

Aggregating risk with H3 and PostGIS

152

05:11

Calculating school catchment areas - an open source solution

153

21:23

Building a Geocoder on top of PostGIS - a Field Report

154

15:49

geojson-vt for Highly Efficient Geojson Rendering in Open Layers

155

04:07

Building a scalable tiling service using Amazon API Gateway

156

15:37

Liberate your QGIS projects out of office with Mergin Maps

157

04:51

A crawler for spatial (meta)data as a base for Mapserver configuration

158

06:14

Development of Environmental Impact Assessments(EIA) Data Visualization System using FOSS4G - Phase I

159

25:34

Using COMTiles to reduce the hosting costs of large map tilesets in the cloud

160

04:19

Kaoto: Integrate your Architecture without coding

161

20:35

Creating GIS Rest APIS using Geodjango under 30 minutes

162

04:33

United Nations Mission in South Sudan GeoStories

163

04:01

EOEPCA - An Open Source Exploitation Platform

164

04:47

GC2/Vidi: What’s new in spatial data infrastructure project

165

13:37

MapMint: The service-oriented platform

166

20:18

Kart: an introduction to practical data versioning for rasters, vectors, tables, and point clouds

167

03:58

Data integrity risks when using simple feature

168

03:32

Dataviz in QGIS and on the web

169

05:07

Not too big, not too small: open source geospatial units that are just right

170

03:24

Mapserver layer handling, production, and management in larger scale environment

171

04:01

QGIS and Community: The QGIS Open Day

172

18:25

Open Data in OpenStreetMap’s RapiD Editor

173

03:57

New OS: @vcmap/core

174

28:00

Elevation data support in QGIS: 3D, profiles, point clouds and more!

175

04:41

Baremaps studio: dynamic vector tiles map rendering

176

04:50

Analysis Ready (Meta)Data

177

04:43

Matico: a new federated FOSS platform for spatial analysis, data management, visualization, and app building

178

03:31

QGIS Data Versioning with Kart

179

22:28

Tips for parallelization in GRASS GIS in the context of land change modeling

180

19:46

Publishing INSPIRE datasets in GeoServer made easy with Smart Data Loader and Features Templating

181

04:45

Sharing EO data with farmers and herders in the West African Sahel: Lessons from the GARBAL program

182

03:33

Geo-Infographics created dynamically from PostGIS using ST_AsSVG

183

04:25

FunctionalScope - Interactive real-time simulation tool for neighborhood planning

184

19:39

Fast rendering from vector tiles in deck.gl

185

14:53

Agile Geo-Analytics: Stream processing of raster- and vector data with dask-geomodeling

186

05:41

The most accurate cameras to generate map data from street-level imagery

187

03:51

Building a data analytics library in Python

188

03:58

yeoda: your earth observation data access

189

04:37

Use of FOSS4G at Gojek to automate map error detection at scale

190

19:05

State of MapServer 2022

191

04:00

Vision and Challenge of Re:Earth - an open source WebGIS platform using Cesium

192

03:46

Enrich styles and enhance styling process with OpenMapTiles

193

04:04

ZOO-Project: News about the Open WPS Platform

194

04:39

TOSCA – A Novel GIS-Toolkit in Support of Sustainable Urban Development

195

04:30

Pyotb: a pythonic extension of Orfeo ToolBox

196

19:00

TiTiler: Not just a tile server

197

04:46

Advanced QGIS forms into the web with Lizmap

198

20:53

Speeding up the RapiD map editor with WebGL and PixiJS

199

20:26

Building a common building's(!) open dataset using FOSS4G, open data and open governement.

200

21:23

20 Years of QGIS [community]

201

27:48

State of Bridge for QGIS

202

1:16:05

203

21:11

QGIS Feature Frenzy - What's New in the Last Year?

204

16:28

GeoServer Feature Frenzy

205

19:23

Re3gistry: Your interoperable open source tool for managing and sharing reference codes

206

20:13

Processing and publishing big data with GeoServer and Azure in the cloud

207

20:42

Are you lost? Get pgRouting to find your way

208

23:18

Open Back-End for Vector Tile Based Web Apps

209

13:43

Use of open source tools to estimate global GHG emissions.

210

17:24

OGC API Standards: Past, Present, and Towards an Exciting Future

211

19:38

QGIS & PostGIS : Tips & Tricks

212

16:47

Developing a topographic data production system based on open source

213

21:27

GeoServer-cloud: Cloud Native GeoServer in production environments

214

19:31

Vector tiles cartography tips and tricks

215

22:26

How to deal with a massive geographic database when surrounded by datascientists?

216

26:21

Deploying and operating GeoServer: a DevOps perspective

217

05:50

Building the Bloomberg for Climate Data with FOSS

218

13:48

State of GeoRasterLayer: A LeafletJS Plugin for Visualizing GeoTIFFs (and soon other rasters)

219

13:24

State of GeoServer 2022

220

23:02

Supporting precision farming with GeoServer: past experiences and way forward

221

19:01

geotiff.js - efficient GeoTIFF exploration in the browser and server

222

04:48

A tool for mapping fire burn severity and extent in watersheds for flood risk assessment

223

18:14

The GreenUr project: creating an application in QGIS to manage the impacts of urban green spaces on human health

224

22:54

We are Open! OGC and OSGeo Collaboration

225

17:04

Creating vector tiles with osm2pgsql

226

18:36

227

04:29

Where Is Everyone?: The Global Impact of COVID on Road Traffic

228

20:15

SensorThings API in practice: the AIR-BREAK project in Ferrara

229

21:07

State of Lizmap - Past / Present / Futur

230

22:45

Helping to Land a Mars Rover using FOSS4G Tools

231

22:49

A high performing data retrieval system for large and frequently updated geospatial datasets

232

18:57

From photographic survey to street-level imagery integration in an OpenSource webgis: complete workflow

233

20:00

ETF testing framework: past, present and future

234

04:39

Use of remote sensing and GIS processing for mapping Chestnut stands decline in Piemonte Region

235

03:48

Implementing OGC APIs using Elasticsearch and pygeoapi

236

17:39

GeoMapFish status: vector tiles!

237

16:40

swissgeol.ch - Geology in 3D: new features

238

05:37

Norwegian National SensorHub - sharing IoT data with open standards and technology

239

17:25

G3W-SUITE: an OS framework dedicated to the publication and management of QGIS projects as WebGis services

240

20:05

Easily publish your QGIS projects on the web with QWC2

241

18:53

How to Mapillary - Getting started with Street-level Mapping

242

19:33

243

04:18

Micronutrient Action Policy Support (MAPS) - A decision support tool for investigating the scale and geographic distribution of micronutrient availability in sub-Saharan Africa

244

20:58

pgRouting optimization: from technical to functional

245

19:56

Better productivity for QGIS plugin developers

246

15:49

Demystifing OGC APIs with GeoServer: introduction and status of implementation

247

05:36

ARCOS Platform for Monitoring of Arctic Region

248

17:49

OSM planet data to vector tiles in a few hours: OpenMapTiles & Planetiler

249

16:57

An open API for 3D-georeferenced historical pictures

250

20:00

Exploring the World’s Open Data Portals - Discovery, Visualisation and Analysis of Open Data with TerriaJS

251

05:51

The story of OSGeo in Oceania

252

13:30

A Graph-Based Road Conflation Method Preserving Connectivity

253

17:24

OpenSource to the rescue: the future of MapLibre

254

12:17

Rural water supply mapping by using FOSS4G application in Rwanda

255

21:43

FOSS4G and Open Data to the rescue: a European story!

256

18:48

Developing an UI for historical orthophotos timeseries data

257

14:34

Building Footprint Extraction in Vector Format Using pytorch_segmentation_models_trainer, QGIS Plugin DeepLearningTools and The Brazilian Army Geographic Service Building Dataset

258

03:44

Curated Major Map Features Library

259

04:36

Examination of Metro Stations Equal Accessibility for All using Open Data Kit (ODK) Applications: A Case Study of Noida City in India

260

03:44

Introducing Wayfarer - a Python Routing Library

261

22:19

Datahub: the confluence of open data and geo data

262

04:18

Open Source geospatial applications for energy and environment integration

263

17:55

Cluster Analysis

264

04:47

Using Terraform to manage HOTOSM's infrastructure as code

265

18:10

OpenMapTiles 3.14 - vector tiles from OpenStreetMap & Natural Earth Data

266

03:20

An Open-Source Mobile Geospatial Platform for Agricultural Landscape Mapping

267

03:52

MapFish Print, the classic printing component, a project update

268

16:33

Implementation of the Chinese Postman Problem in the Valhalla Routing Engine

269

04:10

Contributing to Geospatial Cloud Native Solutions

270

19:22

What is new in Giswater 3.5

271

21:36

UN Open GIS Initiative: Geopaparazzi Survey Server and SMASH for Mobile Data Collection in a UN Peacekeeping Mission (MONUSCO)

272

03:58

spatialEpisim: an open-source R Shiny app for tracking COVID-19 in low- and middle-income (LMIC) countries

273

04:56

The Freshwater Biodiversity Information System (FBIS) – mobilising data for monitoring freshwater ecosystems

274

03:46

Multi-branch Deep learning Based Transport Mode Detection using Weakly Supervised Labels

275

20:30

Multi-Sensor Feeder: Automated and Easy-To-Use Animal Monitoring Tool for Citizens

276

03:53

Buses moving on the map - use case of building web mapping portal

277

18:20

Collaborative validation of user-contributed data using a geospatial blockchain approach: the SIMILE case study

278

18:27

Sea water turbidity analysis from Sentinel-2 images: atmospheric correction and bands correlation

279

17:53

Mapping impacts of Covid-19 in Nairobi

280

16:07

Maintaining a national Aerial Image Registry with QGIS

281

20:28

UN Maps: OpenStreetMap supporting Peace and serving Humanity

282

05:27

Hardening a GeoNode Project – Some considerations about container security and optimization

283

14:03

Open Tech Collective: sharing HOT's journey

284

04:25

Classroom GIS in South Africa

285

24:41

European (Inspire) Data Tour

286

23:09

Pangeo Forge: Crowdsourcing Open Data in the Cloud

287

18:50

InforSAT: an online Sentinel-2 multi-temporal analysis toolset using R CRAN

288

15:29

Crowdsourced acoustic open data analysis with FOSS4G tools

289

16:00

Multiobjective analysis of open areas invaded by forest with open source software: the case of the SATURN project

290

20:53

Environmental monitoring management of waste from large excavations due to infrastructure buildings

291

18:33

Modeling of forest landscape evolution at regional level: a FOSS4G approach

292

03:38

The Africa Knowledge Platform

293

04:19

Mapping Historical "Street View" Images of New York City: Visualizing Geotagged Archival Photos

294

04:45

The Growth of OSM Communities in Tanzania Through Community Microgrants

295

20:35

The use of open source software for monitoring bee diversity in natural systems: the BEEMS project

296

04:26

How much “15-minutes” is your city? Using open data to measure walking proximity

297

04:32

Assessing land surface temperature in urban areas using open-source geospatial tools

298

15:11

Maplibre-rs: Toward portable map renderers

299

18:14

Classifying American Viticultural Areas Based on Environmental Data

300

05:47

From QGIS to Python: comparison of free and open tools for statistical analysis of cultural heritage and data representation

301

05:45

Geo-ICTs for Good: a MOOC on GIScience for Climate Justice

302

03:58

Efficient three-dimensional survey techniques and their comparison in open software in the archaeological test site of "Ninfeo maggiore" and "Ninfeo minore" of Formia (latina, Italy)

303

19:44

Computing Global Harmonic Parameters for Flood Mapping using TU Wien’s SAR Datacube Software Stack.

304

04:45

Analysis of Free and open Land Cover maps for agricultural land use planning at the local level

305

04:57

A knowledge graph prototype for national topographic data

306

05:09

Mapping the Chatter: Spatial Metaphors for Dynamic Topic Modelling of Social Media

307

18:45

2D/3D soil consumption tracking in a marble quarry district

308

18:33

OpenStreetMap Element Vectorisation - A tool for high resolution data insights and its usability in the land-use and land-cover domain

309

04:39

Mapping Mt. Ushba – How to create a high-quality topographic map from open data using free software

310

05:28

Scaling-up deep learning predictions of hydrography from IFSAR data in Alaska

311

19:32

Tourism, natural protected areas and Open Source Geospatial technologies

312

18:26

A method for universal superpixels-based regionalization (preliminary results)

313

16:08

Using Sentinel 2 images to quantify agricultural encroachment in Burkina Faso’s protected livestock reserves

314

03:48

Design and implementation of an Open-Source Web-GIS to manage the public works of Abruzzo Region: an example towards the digitalization of the management process of Public Administrations

315

15:23

Effect of water level on bird habitat at lake Maggiore

316

06:11

Development of Multi-dimensional Array Database Based Massive Satellite Information Processing and Analysis System: KIWI-Sat

317

04:09

Morphological Spatial Pattern Analysis: Open Source Release

318

04:01

Monitoring landslide displacements through maximum cross-correlation of satellite images

319

16:27

Tackling the challenges of software provision

320

16:37

Analysis of Local and Remote Mappers’ Open Geographic Data Contribution to Oil Spill Disaster Response in Niger Delta Region, Nigeria

321

19:10

Earth Observation DataCubes Multi-visualization Toolbox

322

04:00

Automatic assessment of lake health status using an open source approach: Lugano lake case study

323

19:58

Making Sense of the Noise: Integrating Multiple Analyses for Stop and Trip Classification

324

19:32

OGC API State of Play - A practical testbed for the National Spatial Data Infrastructure in Switzerland

325

03:54

Speed-related traffic accident analysis using GIS-based DBSCAN and NNH clustering

326

13:07

How to grow? -Modeling land use change to develop sustainable pathways for settlement growth in the hinterland of Cologne, Germany

327

20:30

An open-source-based workflow for DEM generation from Sentinel-1 for landslide volume estimation

328

05:28

Analysis of the spatiotemporal accumulation process of Mapillary data and its relationship with OSM road data: A case study in Japan

329

17:24

Geo Collector Bot: A Telegram-based open toolkit to support field data collection

330

28:58

An approach for real-time validation of the location of biodiversity observations contributed in a citizen science project

331

04:03

Remote mapping of soil erosion risk in Iceland

332

16:39

Deployment of AI-enhanced services in climate resilience information systems

333

05:24

OSGeo, Persistent Identifiers and the shape of things to come

334

04:07

Simulation of the effects of possible regulations for the location of wind and photovoltaic power plants in the Lazio Regional Administration (Italy)

335

04:03

The STAGA-Dataset: Stop and Trip Annotated GPS and Accelerometer Data of Everyday Life

336

21:18

Semantic querying in earth observation data cubes

337

03:56

Creating a land use/land cover dictionary based on multiple pairs of OSM and reference datasets

338

03:47

The Role of Open Standards in Digital Building Permitting, 3D Registration of Condominium, and Update of 3D City Models

339

23:53

Development of a graphical user interface to support the semi-automatic semantic segmentation of UAS-images

340

24:19

Laying the foundation for an artificial neural network for photogrammetric riverine bathymetry

341

22:04

Mainstreaming metadata into research workflows to advance reproducibility and open geographic information science

342

04:08

Development of a collaborative platform for intelligent territorial mapping of the city of Oran

343

19:28

Serving Geospatial Data using Modern and Legacy Standards: a Case Study from the Urban Health Domain

344

18:00

Geospatial data exchange using binary data serialization approaches

345

21:05

Developing a privacy-aware map-based cross-platform social media dashboard for municipal decision-making

346

19:07

Client-side Web Mapping system for vineyard suitability assessment

347

04:32

Who speaks for the forest? Participatory mapping and contested land cover classification in Central Bali, Indonesia

348

19:01

Exploring jittering and routing options for converting origin-destination data into route networks: towards accurate estimates of movement at the street level

349

19:53

RINX: A Solution for Information Extraction from Big Raster Datasets

350

18:13

Landslide susceptibility assessment: soil moisture monitoring data processed by an automatic procedure in GIS for 3D description of the soil shear strength

351

22:04

Photogrammetric processing and fruition of products in open-source environment applied to the case study of the Archaeological Park of Pompeii

Automatic playback

Speech

Text

Image

00:00

Moving averageComputer animation

00:10

Information securityVulnerability (computing)Product (business)BitMathematical optimizationRevision controlGoodness of fitComputer animation

00:39

Product (business)CodeComputer fileScripting languageMedical imaging1 (number)Computer animation

01:48

Level (video gaming)Computer-generated imageryInformation managementClefSource codeState of matterMathematicsInformation securityRevision controlGeometryInstallation artBinary fileComputer data loggingError messageScripting languageTheory of everythingEvent horizonSelf-organizationType theoryComputing platformCodierung <Programmierung>CompilerSineComputer fileLocal GroupVolumeBlogData typeGastropod shellContent (media)RootDevice driverVariable (mathematics)Singuläres IntegralTemplate (C++)PasswordKey (cryptography)DatabaseRepository (publishing)Information securityComputer fileServer (computing)Insertion lossMedical imagingVulnerability (computing)Exception handlingTransformation (genetics)Default (computer science)PasswordRevision controlReliefArithmetic progressionAxiom of choiceMultiplication signNumberMathematicsLevel (video gaming)2 (number)Entire functionBuildingWeb 2.0Marginal distributionHazard (2005 film)Source codeXMLComputer animation

05:22

Computer animation

Transcript: English(auto-generated)

00:02

The speaker is Carlos Eduardo Mota, hardening a geonode project, some considerations about container security and optimisation. Okay, good morning. I will discuss here about some security holes that we have found into the geonode

00:25

project using the 3.3 version. And I will show some little bits of code, a lot of Docker files to show how it's not suitable for production yet.

00:40

And in five minutes I will try to solve this problem. Is geonode on Docker suitable for production? In the geonode documentation there are some documents about how to put geonode in production, but some of the code, the scripts inside the project, it has a lot of little problems

01:09

and I will show you some of them. So, I will start to talk to you about the ten amendments of securing a Docker image.

01:22

There is ten little holes that we have to execute, to put on our Docker files, but I will make it more attention. We have light here. Oh, yes. And I will give some access to these red ones.

01:47

Let's see. The first update done into the Docker file images is only to change the base image. It's a little update on the Docker file, but it has some big problems there.

02:08

Changing the base image to Python 3.8.90, the most recent 3.8 version, solves a lot of critical vulnerabilities we have on the image.

02:22

The full Python used on geonode has about 61 issues and the most recent Python 3.8 has about 48 issues either. And this changing of the Docker file allows us to get the latest security features, not

02:49

only in the Python version, but either in the Linux version, the Debian version. Geonode uses the Buster Debian version, and so he inserts a Bullseye repository into

03:07

the Docker file. Upgrading to Bullseye, there's no need to do this. Let's show the second. Remember, we are going to 612 vulnerabilities to at least 48.

03:24

Okay. The second is to break the entire Docker file into stages of building. First we build the dependencies and then we copy the virtual web created to the release

03:42

image. And so it makes our Docker file more simple and vulnerability less. We fall from 76.3 to 339 issues.

04:02

The other simple change that we do is to literally eliminate the Hoot user into the Docker file, preventing a lot of problems that we can have. The special hazards obtained about these simple changes is to reduce the size margin for

04:24

at least four times minutes. The number of layers to 490 to 29, this is either a good choice. And the vulnerabilities to 76.3 to 339 and can lower more if we apply some lynching into

04:44

the Docker file and correct some little problems. And this is a work in progress for us. We are living to handle sensitive data except on the passwords and so on.

05:03

Finishing. We want to do the same into the GeoServer, GeoNode, the Docker file, and transform into a GeoNode project to put it on public to whoever wants to contribute and make some

05:21

suggestions. Okay, sorry for my poor English, thank you so much.