Demo Server Unstable

dkayiwa · July 18, 2018, 12:15pm

Of late, the demo server has been unstable with times when it even fails to start OpenMRS. I have noticed that it at times has modules which are not part of the reference application (most likely cause of the instability) as you can see examples like radiology here: https://demo.openmrs.org/openmrs/admin/modules/module.list

Since its web interface is configured not to allow installation of modules, could it be that some one is using other means to upload modules to it? Like via REST?

@cintiadr @burke

reubenv · July 18, 2018, 6:45pm

@dkayiwa I guess there are other ways to upload a module. One such method is possibly using this OWA.

dkayiwa · July 18, 2018, 7:01pm

That must be it. Thanks @reubenv for pointing it out.

@suthagar23 can you use this https://github.com/openmrs/openmrs-module-owa/pull/48 to prevent the upload of modules? We did this for the Andela addon manager owa.

dkayiwa · July 18, 2018, 7:57pm

@suthagar23 you could use this end point: https://github.com/openmrs/openmrs-module-owa/pull/61

suthagar23 · July 19, 2018, 2:38am

Thanks @dkayiwa for pointing it out. Let me check it

r0bby · July 28, 2018, 9:41pm

That’s the same security hole that exists if uploading modules via the UI were enabled…all someone would have to do is know that this is enabled and BAM, they uploaded a module…

suthagar23 · August 30, 2018, 6:57am

Just started work on this @dkayiwa : [SAD-20] - OpenMRS Issues

reubenv · August 30, 2018, 7:02am

Great @suthagar23 . If you have it ready soon enough, it can be part of the next release

suthagar23 · August 30, 2018, 7:04am

Not only this, I hope to put a new version 1.2 along with the Ref App 2.9