The ArcGIS Online Security Advisor has been updated with an Editor.
The November 2020 release focuses on providing an editor in the HTTP Check to update HTTP references that are defined within an items JSON data.
The best way to access and use the Security Advisor is from the ArcGIS Trust Center.
ArcGIS Online will be enforcing HTTPS only references next week on Tuesday 12/8/2020.
Release Notes
HTTP Check:
- Reverted scan engine to previous release due to Customers having issue running scans.
- Added editor to directly modify and save the item data. This is experimental – Use at your own risk. Make sure to back up your data first!
- Updated http:// parser to scan bigger chunks of text data. Previously, the parser would stop at the first occurrence of http://.
- Removed item attributes from results.
- Known issue: The browser may quit or exit the advisor when using the editor with a high number of returned items.
By including this editor, users are able to directly modify an item’s data to change HTTP references. Before you use the editor, make sure your data is backed up – ArcGIS Enterprise, ArcGIS Online
Note: this module will be removed from the Security Advisor with the ArcGIS Online March 2021 update.
Public FS Edit Check [BETA]: This module analyzes and displays feature services that are public and editable.
“Feature services allow you to serve feature data and nonspatial tables over the Internet or your intranet. This makes your data available for use in web clients, desktop apps, and field apps.
As the publisher of a feature service, you determine what functionality is available to the people who use the feature service, define the styling used when displaying the features, and define templates for editing data. When people access your feature service, they can view your data and the data associated with it through relationship classes. They can use your feature service in the maps and apps they create and, if you allow it, they can edit the data in the feature service.” [reference]
Features services that are public and editable can be modified by anonymous sources which may impact those maps and apps that are using them.
For more information regarding feature services settings, please review the “Discovering and Securely Configuring Public Survey Results” document found in the documents tab in the ArcGIS Trust Center.
Questions?
If you have any questions visit the ArcGIS Trust Center where we have security and privacy information. If your not able to find what you are looking for, please reach out to the Software Security & Privacy Team at softwaresecurity@esri.com
– Esri Software Security & Privacy Team
Commenting is not enabled for this article.