[ome-devel] Plan for transferring data from one OMERO to another

William Moore (Staff) W.Moore at dundee.ac.uk
Mon Dec 11 13:37:45 GMT 2017 

Hi Eilidh,

I’ve opened at PR for this in web: https://github.com/openmicroscopy/openmicroscopy/pull/5598 and Jean-Marie tells me
that it should also be doable in Insight, so I’ve created a card at
https://trello.com/c/C3EqebXJ/61-script-parameter-password
These are likely to be included in the next release of OMERO.

Apart from the visibility of the password in the script UI, it’s important to be aware of other places that the password
could be exposed to others:

 - The connection between Insight and OMERO is not encrypted by default (except for the login). We’ll look at using encrypted connection when submitting script parameters containing passwords, but in the meantime there is the potential for this data to be read.
 - Make sure you’re not logging or printing the script params (as we do in many of our example scripts). Currently, Blitz.log and Processor.log don’t log script params but make sure you don’t log them yourself.
 - If you’re using the webclient, you should use https to encrypt the connection between the browser and OMERO.web.
 - Currently in webcilent, errors in the handling of script submission are not handled well (display error on page instead of displaying feedback error submission page). This shouldn’t lead to any exposure of passwords, but be careful not to submit feedback etc that contains the password and if you think you might have done, then be sure to change your password.


Regards,

  Will.


On 8 Dec 2017, at 11:55, Eilidh Troup <e.troup at epcc.ed.ac.uk<mailto:e.troup at epcc.ed.ac.uk>> wrote:

Hi Josh,

Thanks very much. This is a screenshot from running the script in OMERO.insight. I’d like the text entered in the password to be hidden, like this *****.

Eilidh

<PastedGraphic-2.png>

On 7 Dec 2017, at 14:39, Josh Moore <josh at glencoesoftware.com<mailto:josh at glencoesoftware.com>> wrote:

Hi Eilidh,

On Tue, Dec 5, 2017 at 10:51 PM, Eilidh Troup <e.troup at epcc.ed.ac.uk<mailto:e.troup at epcc.ed.ac.uk>> wrote:
Hi Josh,

Thanks for your help. I can now transfer an image from one OMERO to another
: )

Congratulations.


I’ve put the latest version of the script at
https://github.com/SynthSys/omero-user-scripts/blob/master/Export_to_other_omero.py

I’ve got more questions though:
How can I find the managed repository directory? (Something like
omero.managed.dir, Default: ${omero.data.dir}/ManagedRepository ?)

In [2]: client.sf.getConfigService().getConfigValue("omero.managed.dir")


How can I hide the password text entry?

Where are you seeing password text entry?


How can I get the newly created image id? It is printed to stdout as
"Image:920" for example, but I don't know how to get hold of that number in
my script.

You can use something like:

  import sys
  old_stdout = sys.stdout
  sys.stdout = open(temporary_file_name, "w")
  try:
      # do import
  finally:
      sys.stdout = old_stdout


Also, the docker script you sent didn’t quite work (don’t worry about it
though, I got what I needed from your example) - I got this error when I ran
the python script:

bash-4.2$ python /gist/export_to_remote_omero.py
Traceback (most recent call last):
...
::Glacier2::PermissionDeniedException
{
   reason = internal server error
}

Alright. If you'd like to investigate further, we'll need the server logs.


Thanks,
Eilidh

All the best,
~Josh


On 10 Nov 2017, at 09:22, Josh Moore <josh at glencoesoftware.com<mailto:josh at glencoesoftware.com>> wrote:

Hi Elidh,

On Thu, Nov 9, 2017 at 5:07 PM, Eilidh Troup <e.troup at epcc.ed.ac.uk<mailto:e.troup at epcc.ed.ac.uk>> wrote:

Hi,

I’ve run into a similar problem as last time.


Turns out, there's a similar solution.

I’ve written a script that
will upload an image to a remote OMERO server, but only from the python
command line, and not from within a script running in a local OMERO. As
before, the script will work from the command line or from with OMERO when
transferring the image to the local OMERO server. When I try to import an
image on the remote server, I get the following error:

...


The code, and full error output are below.
I’ve also put it into a different script on gist that demonstrates the error
by running it from within OMERO as a script.
https://gist.github.com/eilidh-t/e763dab7d4f3515cc85b0b6ddfb8d9f4


I've update your script:
https://gist.github.com/joshmoore/0c2e5319d8d5ae7f79ee82e3e68b721b

The most important change is:

  del os.environ["ICE_CONFIG"] before importing

which does the equivalent of `Ice.Config=/dev/null` but for the import
process. Likely, that should be done closer to the top.

Other changes include:

* use ome.cli.CLI rather than calling subprocess (simplicity)
* only register the script if it doesn't exist (less test mess)
* pass a key to not store the root's password (security)
* adding a warning about the security whole that this script could
cause (security)

My general workflow was:

* docker-compose up -d
* docker-compose exec omero1 bash
* cd /opt/omero/server/OMERO.server
* export PYTHONPATH=lib/python
* python /gist/export_to_remote_omero.py

If I needed to change the script, I deleted the uploaded file from
lib/script/export_to_remote_omero.py and re-ran.

Thanks for your help with this,
Eilidh



Let us know if that works for you.
~J
_______________________________________________
ome-devel mailing list
ome-devel at lists.openmicroscopy.org.uk
http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-devel



The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

_______________________________________________
ome-devel mailing list
ome-devel at lists.openmicroscopy.org.uk
http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-devel

_______________________________________________
ome-devel mailing list
ome-devel at lists.openmicroscopy.org.uk<mailto:ome-devel at lists.openmicroscopy.org.uk>
http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-devel

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
_______________________________________________
ome-devel mailing list
ome-devel at lists.openmicroscopy.org.uk<mailto:ome-devel at lists.openmicroscopy.org.uk>
http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-devel


The University of Dundee is a registered Scottish Charity, No: SC015096
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openmicroscopy.org.uk/pipermail/ome-devel/attachments/20171211/fd9d2054/attachment.html>

More information about the ome-devel mailing list