Comments (12)
Has the Office365 connector been removed from this repo? I can find it in 8.3 but not main
from connectors-ruby.
the connector that is in the 83 branch is for Workplace Search the standalone product and is restricted to the 8.3 branch. The new Office 365 connector that is broadly applicable for unified search architectures and Elastic will be found in https://github.com/elastic/connectors-python
from connectors-ruby.
Are there any plans to redo the connector security component?
Yes. We'd love your feedback on the new proposals.
from connectors-ruby.
@serenachou is this the right file for Sharepoint Online? It doesn't seem to do security at all, is that out of scope for new system? https://github.com/elastic/connectors-python/blob/main/connectors/sources/sharepoint.py
Is Elasticsearch Workplace Search connectors still being worked on? At the moment the document security doesn't really work is the problem...
from connectors-ruby.
Is Elasticsearch Workplace Search connectors still being worked on?
The code you're looking at for the connector package is not being actively worked on - as they're in a stable state for the Workplace Search product experience. However, where we are actively iterating is to elevate a SharePoint Online open code connector to be available for Elasticsearch & Enterprise Search use cases as part of the connector framework that you've linked to in the python connectors.
from connectors-ruby.
It doesn't seem to do security at all, is that out of scope for new system? https://github.com/elastic/connectors-python/blob/main/connectors/sources/sharepoint.py
Adding additional document level security is on our roadmap for this connector but isn't in that version yet. we'd love and welcome your feedback for that!
so tell us exactly what you mean by "document security doesn't really work"?
from connectors-ruby.
☝️ echoing that request, I'd also like to understand what you mean when you say, "there are a number of issues, particularly around documents restricted to groups." @catmanjan . Concrete examples with expected behavior vs actual behavior would be helpful. None of the engineers on this projects should be considered "Sharepoint experts", so please don't feel bad over-sharing context - it may be helpful.
from connectors-ruby.
@seanstory @serenachou we've tested the connector at a client site and found many MANY cases where users are shown documents they shouldn't - we've narrowed down those scenarios to particular flaws in the implementation (thanks to it being open source)
I would go into more detail but there is a financially blurred line...
I just wanted to check if you were aware there are issues with the security side of things, and it sounds like you kind of are because you are now reimplementing the whole connector?
from connectors-ruby.
I just wanted to check if you were aware there are issues with the security side of things, and it sounds like you kind of are because you are now reimplementing the whole connector?
I think this is a misunderstanding. We're building a new connector framework for a variety of reasons. This new connector framework doesn't currently support DLS, but we're working to add that support. As we do, we're taking lessons learned from our previous implementation, and attempting to make improvements. However, we aren't currently looking at dramatic changes to our understanding of the Sharepoint security model - we're looking at just implementing our previous understanding closer to the Elastic stack, and with less burden on the operator. The single exception is that we're hoping to provide support for Site Pages and their dynamic contents based on permissions. But as site pages weren't even included in the old connectors, I don't think that's what you're talking about.
I would go into more detail but there is a financially blurred line...
I don't understand what's blurry. If you have found bugs in our security implementation and would like them fixed, you'll need to help us understand what issues you've encountered. If they are too sensitive to post here, please utilize our security policy.
we've narrowed down those scenarios to particular flaws in the implementation (thanks to it being open source)
Just to be explicit, which open source implementation are you referencing? There are several out there under the Elastic umbrella, and I want to be sure we're talking about the same code.
from connectors-ruby.
I don't understand what's blurry.
The blurry part is financial, AKA why work for free
Just to be explicit, which open source implementation are you referencing? There are several out there under the Elastic umbrella, and I want to be sure we're talking about the same code.
The one in this repo and the python one have the problem
from connectors-ruby.
The blurry part is financial, AKA why work for free
As per our security policy, we have a bug bounty program, if you mean that you don't want to report a security issue without being paid for it.
from connectors-ruby.
@seanstory interesting thanks for the link, unfortunately the numbers are way too low to be worthwhile in my country
from connectors-ruby.
Related Issues (7)
- TZInfo::DataSourceNotFound - No source of timezone data could be found.
- make api_key does not seem to be working on Windows 11 HOT 4
- Unable to validate the web server HOT 2
- This is another test (ruby)
- [SharePoint] Extend Metadata Indexing to custom one HOT 1
- [SharePoint] Only traverse groups that user has access to and handle GraphAPI request errors
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from connectors-ruby.