Trusted remote tracks

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Trusted remote tracks

Keiran Raine
Hi all,

We use remote tracks for several data types in our internal system (and potentially would like to in our public site).  I am aware that Safe::World does not work with later versions of perl however has there been any consideration of adding the ability to add trusted URLs to the configuration files so that glyph and tooltips can be displayed without the need for Safe::World?

e.g. in GBrowse.conf



Obviously this type of functionality should only be used for sources you control.

Is this something that could be implemented relatively easily?  I'd be happy to test.

Regards,

Keiran Raine
Senior Computer Biologist
The Cancer Genome Project
Ext: 7703






-- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a compa ny registered in England with number 2742969, whose registered office is 2 15 Euston Road, London, NW1 2BE.

------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires
February 28th, so secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Gmod-gbrowse mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/gmod-gbrowse
Reply | Threaded
Open this post in threaded view
|

Re: Trusted remote tracks

Weeks, Nathan
Re: [Gmod-gbrowse] Trusted remote tracks

I've implemented this on GBrowse 1.x before to allow the use of callbacks for
bgcolor & fgcolor by adding a parameter to the Bio::Graphics::FeatureFile
constructor in get_remote_upload() in RemoteSet.pm; e.g.:

Bio::Graphics::FeatureFile->new(
...
       -safe => (index($url, 'http://my.trusted.host/') == 0) ? 1 : 0
...

While unsatisfying from an engineering perspective, it is easy to implement, if
you need a quick solution soon.

I haven't tested this in the GBrowse 2.x version of RemoteSet.pm, but the code
looks similar. 

--
Nathan Weeks
USDA-ARS
SoyBase http://soybase.org

On 27 January 2011 12:06, Keiran Raine <[hidden email]> wrote:
> Hi all,
>
> We use remote tracks for several data types in our internal system 
> (and potentially would like to in our public site).  I am aware that 
> Safe::World does not work with later versions of perl however has 
> there been any consideration of adding the ability to add trusted URLs 
> to the configuration files so that glyph and tooltips can be displayed 
> without the need for Safe::World?
>
> e.g. in GBrowse.conf
>
> trusted_remote_url = http://intweb.sanger.ac.uk/cgi-bin/cancer/cosmic.cgi
> trusted_remote_url = http://intweb.sanger.ac.uk/cgi-bin/cancer/next_gen.cgi
> trusted_remote_url = http://intweb.sanger.ac.uk/cgi-bin/cancer/live_results.cgi
>
>
> Obviously this type of functionality should only be used for sources 
> you control.
>
> Is this something that could be implemented relatively easily?  I'd be 
> happy to test.
>
> Regards,
>
> Keiran Raine
> Senior Computer Biologist
> The Cancer Genome Project
> Ext: 7703
> [hidden email]
>



------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires
February 28th, so secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Gmod-gbrowse mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/gmod-gbrowse
Reply | Threaded
Open this post in threaded view
|

Re: Trusted remote tracks

Keiran Raine
Hi Nathan,

Thanks for your suggestion, however despite making in-roads that have improved the approach so it can be controlled from the datasource config files I can't get this to work.

I've attached a patch which gets all of the relevant data into place but it seems that the callbacks are still ignored.

Add the a 'trusted_url' directive to your datasource config file where you would also the 'allow remote callbacks' indicator

e.g.
allow remote callbacks = 1

Keiran Raine
Senior Computer Biologist
The Cancer Genome Project
Ext: 7703


-- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a compa ny registered in England with number 2742969, whose registered office is 2 15 Euston Road, London, NW1 2BE.




On 27 Jan 2011, at 14:48, Weeks, Nathan wrote:

I've implemented this on GBrowse 1.x before to allow the use of callbacks for
bgcolor & fgcolor by adding a parameter to the Bio::Graphics::FeatureFile
constructor in get_remote_upload() in RemoteSet.pm; e.g.:

Bio::Graphics::FeatureFile->new(
...
       -safe => (index($url, 'http://my.trusted.host/') == 0) ? 1 : 0
...

While unsatisfying from an engineering perspective, it is easy to implement, if
you need a quick solution soon.

I haven't tested this in the GBrowse 2.x version of RemoteSet.pm, but the code
looks similar. 

--
Nathan Weeks
USDA-ARS
SoyBase http://soybase.org

On 27 January 2011 12:06, Keiran Raine <[hidden email]> wrote:
> Hi all,
>
> We use remote tracks for several data types in our internal system 
> (and potentially would like to in our public site).  I am aware that 
> Safe::World does not work with later versions of perl however has 
> there been any consideration of adding the ability to add trusted URLs 
> to the configuration files so that glyph and tooltips can be displayed 
> without the need for Safe::World?
>
> e.g. in GBrowse.conf
>
> trusted_remote_url = http://intweb.sanger.ac.uk/cgi-bin/cancer/cosmic.cgi
> trusted_remote_url = http://intweb.sanger.ac.uk/cgi-bin/cancer/next_gen.cgi
> trusted_remote_url = http://intweb.sanger.ac.uk/cgi-bin/cancer/live_results.cgi
>
>
> Obviously this type of functionality should only be used for sources 
> you control.
>
> Is this something that could be implemented relatively easily?  I'd be 
> happy to test.
>
> Regards,
>
> Keiran Raine
> Senior Computer Biologist
> The Cancer Genome Project
> Ext: 7703
> [hidden email]
>




------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires
February 28th, so secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Gmod-gbrowse mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/gmod-gbrowse

RemoteSet.diff (358 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Trusted remote tracks

Lincoln Stein
Hi Keiran,

Your solution sounds workable. I think it can be implemented pretty easily.

Lincoln

On Tue, Feb 1, 2011 at 11:49 AM, Keiran Raine <[hidden email]> wrote:
Hi Nathan,

Thanks for your suggestion, however despite making in-roads that have improved the approach so it can be controlled from the datasource config files I can't get this to work.

I've attached a patch which gets all of the relevant data into place but it seems that the callbacks are still ignored.

Add the a 'trusted_url' directive to your datasource config file where you would also the 'allow remote callbacks' indicator

e.g.
allow remote callbacks = 1

Keiran Raine
Senior Computer Biologist
The Cancer Genome Project
Ext: 7703


-- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a compa ny registered in England with number 2742969, whose registered office is 2 15 Euston Road, London, NW1 2BE.




On 27 Jan 2011, at 14:48, Weeks, Nathan wrote:

I've implemented this on GBrowse 1.x before to allow the use of callbacks for
bgcolor & fgcolor by adding a parameter to the Bio::Graphics::FeatureFile
constructor in get_remote_upload() in RemoteSet.pm; e.g.:

Bio::Graphics::FeatureFile->new(
...
       -safe => (index($url, 'http://my.trusted.host/') == 0) ? 1 : 0
...

While unsatisfying from an engineering perspective, it is easy to implement, if
you need a quick solution soon.

I haven't tested this in the GBrowse 2.x version of RemoteSet.pm, but the code
looks similar. 

--
Nathan Weeks
USDA-ARS
SoyBase http://soybase.org

On 27 January 2011 12:06, Keiran Raine <[hidden email]> wrote:
> Hi all,
>
> We use remote tracks for several data types in our internal system 
> (and potentially would like to in our public site).  I am aware that 
> Safe::World does not work with later versions of perl however has 
> there been any consideration of adding the ability to add trusted URLs 
> to the configuration files so that glyph and tooltips can be displayed 
> without the need for Safe::World?
>
> e.g. in GBrowse.conf
>
> trusted_remote_url = http://intweb.sanger.ac.uk/cgi-bin/cancer/cosmic.cgi
> trusted_remote_url = http://intweb.sanger.ac.uk/cgi-bin/cancer/next_gen.cgi
> trusted_remote_url = http://intweb.sanger.ac.uk/cgi-bin/cancer/live_results.cgi
>
>
> Obviously this type of functionality should only be used for sources 
> you control.
>
> Is this something that could be implemented relatively easily?  I'd be 
> happy to test.
>
> Regards,
>
> Keiran Raine
> Senior Computer Biologist
> The Cancer Genome Project
> Ext: 7703
> [hidden email]
>




------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires
February 28th, so secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Gmod-gbrowse mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/gmod-gbrowse




--
Lincoln D. Stein
Director, Informatics and Biocomputing Platform
Ontario Institute for Cancer Research
101 College St., Suite 800
Toronto, ON, Canada M5G0A3
416 673-8514
Assistant: Renata Musa <[hidden email]>

------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires
February 28th, so secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Gmod-gbrowse mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/gmod-gbrowse
Reply | Threaded
Open this post in threaded view
|

Re: Trusted remote tracks

Keiran Raine
In reply to this post by Keiran Raine
Hi Lincoln,

Thats great.  FYI, I can confirm the user accout db migration was successful with the latest release.

Regards,
Keiran

Keiran Raine

Senior Computer Biologist
The Cancer Genome Project
Ext: 7703

Sent from my HTC Desire Z


-----Original Message-----
From: Lincoln Stein [[hidden email]]
Received: Tuesday, 01 Feb 2011, 17:43
To: Keiran Raine [[hidden email]]
CC: Weeks, Nathan [[hidden email]]; [hidden email] [[hidden email]]
Subject: Re: [Gmod-gbrowse] Trusted remote tracks


Hi Keiran,

Your solution sounds workable. I think it can be implemented pretty easily.

Lincoln

On Tue, Feb 1, 2011 at 11:49 AM, Keiran Raine <[hidden email]> wrote:

> Hi Nathan,
>
> Thanks for your suggestion, however despite making in-roads that have
> improved the approach so it can be controlled from the datasource config
> files I can't get this to work.
>
> I've attached a patch which gets all of the relevant data into place but it
> seems that the callbacks are still ignored.
>
> Add the a 'trusted_url' directive to your datasource config file where you
> would also the 'allow remote callbacks' indicator
>
> e.g.
> allow remote callbacks = 1
> trusted_url = http://someurl.some.where.com/
>
> Keiran Raine
> Senior Computer Biologist
> The Cancer Genome Project
> Ext: 7703
> [hidden email]
>
>
> -- The Wellcome Trust Sanger Institute is operated by Genome Research
> Limited, a charity registered in England with number 1021457 and a compa ny
> registered in England with number 2742969, whose registered office is 2 15
> Euston Road, London, NW1 2BE.
>
>
>
>
> On 27 Jan 2011, at 14:48, Weeks, Nathan wrote:
>
>  I've implemented this on GBrowse 1.x before to allow the use of callbacks
> for
> bgcolor & fgcolor by adding a parameter to the Bio::Graphics::FeatureFile
> constructor in get_remote_upload() in RemoteSet.pm; e.g.:
>
> Bio::Graphics::FeatureFile->new(
> ...
>        -safe => (index($url, 'http://my.trusted.host/') == 0) ? 1 : 0
> ...
>
> While unsatisfying from an engineering perspective, it is easy to
> implement, if
> you need a quick solution soon.
>
> I haven't tested this in the GBrowse 2.x version of RemoteSet.pm, but the
> code
> looks similar.
>
> --
> Nathan Weeks
> USDA-ARS
> SoyBase http://soybase.org
>
> On 27 January 2011 12:06, Keiran Raine <[hidden email]> wrote:
> > Hi all,
> >
> > We use remote tracks for several data types in our internal system
> > (and potentially would like to in our public site).  I am aware that
> > Safe::World does not work with later versions of perl however has
> > there been any consideration of adding the ability to add trusted URLs
> > to the configuration files so that glyph and tooltips can be displayed
> > without the need for Safe::World?
> >
> > e.g. in GBrowse.conf
> >
> > trusted_remote_url =
> http://intweb.sanger.ac.uk/cgi-bin/cancer/cosmic.cgi
> > trusted_remote_url =
> http://intweb.sanger.ac.uk/cgi-bin/cancer/next_gen.cgi
> > trusted_remote_url =
> http://intweb.sanger.ac.uk/cgi-bin/cancer/live_results.cgi
> >
> >
> > Obviously this type of functionality should only be used for sources
> > you control.
> >
> > Is this something that could be implemented relatively easily?  I'd be
> > happy to test.
> >
> > Regards,
> >
> > Keiran Raine
> > Senior Computer Biologist
> > The Cancer Genome Project
> > Ext: 7703
> > [hidden email]
> >
>
>
>
>
>
> ------------------------------------------------------------------------------
> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
> Finally, a world-class log management solution at an even better
> price-free!
> Download using promo code Free_Logger_4_Dev2Dev. Offer expires
> February 28th, so secure your free ArcSight Logger TODAY!
> http://p.sf.net/sfu/arcsight-sfd2d
> _______________________________________________
> Gmod-gbrowse mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/gmod-gbrowse
>
>

--
Lincoln D. Stein
Director, Informatics and Biocomputing Platform
Ontario Institute for Cancer Research
101 College St., Suite 800
Toronto, ON, Canada M5G0A3
416 673-8514
Assistant: Renata Musa <[hidden email]>



--
 The Wellcome Trust Sanger Institute is operated by Genome Research

 Limited, a charity registered in England with number 1021457 and a
 compa
ny registered in England with number 2742969, whose registered
 office is 2
15 Euston Road, London, NW1 2BE.



------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires
February 28th, so secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Gmod-gbrowse mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/gmod-gbrowse