Web interface without admin interface (read-only) about cve-search HOT 8 CLOSED

If you turn on the login, and leave the database empty, people will not be able to log in. Only logged in users can perform changes. I don't think this should be a problem.

Debug: False
SSL: True
LoginRequired: True

from cve-search.

This works but I would like to get rid of the non-used url paths (as a security measure) to avoid exposing code that we don't need for public services. I would like to remove the option box for the black/white-list parts.

Do you mind if I add an option for the web interface:

Minimal: True

and update the code to check the option and disable the unnecessary parts when minimal is active.

Cheers

from cve-search.

I do not mind, but I have a feeling that having checks all over the code might become messy. Maybe make a "minimal" branch of cve-search? Or how would you do it, within the code?

from cve-search.

Indeed, I just checked and that's a lot of test-case. Maybe I'll do a minimal index.py and move some of the functions in the library.

from cve-search.

Just a question, why did you remove the search option in the minimal version? Also, the logo doesn't quite fit in the menu. Do I fix this?

from cve-search.

I asked 3 users, they all tried to do cpe search in the form... So until we have a full-blown cpe search in the form, I preferred to remove it in the minimal version. Until now, they can use the browse functionality.

The logo should be a bit over to have the corner outside. So it's by design ;-)
If you see something else, let me know. (I sent you a private email with a test temporary url)

from cve-search.

Would you also make an "api only" script? or a way to disable the web pages in the minimal?

from cve-search.

This has been implemented in the minimal-web interface. I'll create another issue for the API only interface.

from cve-search.