[ckan-dev] Restricting Access to Private Resources on CKAN

Nigel Babu nigel.babu at okfn.org
Fri Jan 31 02:25:57 UTC 2014


Hi Sajan,

The main reason we decided to drop support was simplicity. The old
filestore wasn't very well connected with CKAN. It was hard to modify that
system to deal with permissions or restricting file sizes across 3
different backends.  Additionally, we had a few issues with pairtree and
google cloud in the past anyway.

Nigel Babu

Developer  |  @nigelbabu <https://twitter.com/nigelbabu>

The Open Knowledge Foundation <http://okfn.org/>

Empowering through Open Knowledge

http://okfn.org/  |  @okfn <http://twitter.com/OKFN>  |  OKF on
Facebook<https://www.facebook.com/OKFNetwork> |
Blog <http://blog.okfn.org/>  |  Newsletter<http://okfn.org/about/newsletter>

 CKAN | http://ckan.org/ | @CKANproject
<http://twitter.com/CKANproject> |the world’s leading open-source data
portal platform


On 31 January 2014 00:42, Sajan Ravindran <sajanravindran at gmail.com> wrote:

> Nigel,
>
> Just was curious, was there any specific design or technical reason why
> the support for S3 or Google Cloud is being removed in 2.2 ?
>
> Would be great if you could me know as it would make the decision of
> choosing alternatives for storage a bit easier.
>
> Thanks again!
>
> Regards,
> Sajan
>
>
>
> On Thu, Jan 30, 2014 at 9:47 AM, Sajan Ravindran <sajanravindran at gmail.com
> > wrote:
>
>> Thank you Nigel. Was not aware of this. I will try out the solution
>> suggested by Steve, otherwise will wait for the release next week and make
>> the corresponding changes for storage,
>>
>>
>> On Thu, Jan 30, 2014 at 1:36 AM, Nigel Babu <nigel.babu at okfn.org> wrote:
>>
>>> We are aware of this problem and this is why the filestore was changed
>>> in 2.2 (to be released next week). The new filestore checks if the user
>>> accessing a file is logged in and if they have access. However, it doesn't
>>> support S3 or Google Cloud anymore because of the implementation change.
>>>
>>> Nigel Babu
>>>
>>> Developer  |  @nigelbabu <https://twitter.com/nigelbabu>
>>>
>>> The Open Knowledge Foundation <http://okfn.org/>
>>>
>>> Empowering through Open Knowledge
>>>
>>> http://okfn.org/  |  @okfn <http://twitter.com/OKFN>  |  OKF on Facebook<https://www.facebook.com/OKFNetwork> |
>>> Blog <http://blog.okfn.org/>  |  Newsletter<http://okfn.org/about/newsletter>
>>>
>>>  CKAN | http://ckan.org/ | @CKANproject <http://twitter.com/CKANproject>|the world’s leading open-source data portal platform
>>>
>>>
>>> On 29 January 2014 23:00, Sajan Ravindran <sajanravindran at gmail.com>wrote:
>>>
>>>> Hi,
>>>>
>>>> We have currently a setup of CKAN ( 2.1 ) on EC2 and have the filestore
>>>> installed on S3. Currently, the data which we have is a combination of
>>>> public and private ( as it needs to be verified ).  We are running into an
>>>> issue with the private resources.
>>>>
>>>> Though access to the private resources is restricted via CKAN, once
>>>> someone gets access to the S3 url of CKAN's filestore, the resource gets
>>>> easily downloaded. We are especially concerned about this as this data is
>>>> unverified. Is there any way by which downloading resources via this URL
>>>> can be restricted without affected CKAN's functionality?
>>>>
>>>> Any help would be greatly appreciated.
>>>>
>>>> Thanks,
>>>> Sajan
>>>>
>>>> _______________________________________________
>>>> ckan-dev mailing list
>>>> ckan-dev at lists.okfn.org
>>>> https://lists.okfn.org/mailman/listinfo/ckan-dev
>>>> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
>>>>
>>>>
>>>
>>> _______________________________________________
>>> ckan-dev mailing list
>>> ckan-dev at lists.okfn.org
>>> https://lists.okfn.org/mailman/listinfo/ckan-dev
>>> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
>>>
>>>
>>
>
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/ckan-dev/attachments/20140131/d0b78e99/attachment-0003.html>


More information about the ckan-dev mailing list