Re: [WebDNA] [BULK] Securing WebCatalog login

This WebDNA talk-list message is from

2017


It keeps the original formatting.
numero = 113525
interpreted = N
texte = 1120 --Apple-Mail=_224630D1-0F87-431F-A3A1-8EBD43FBA122 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii If you want to lock down your Admin templates, and any template on the = server that is using plain http auth in the clear with the [protect] = tag, add this line to the top of your MultiGroupChecker: [showif [thisport]!443][redirect https://[GetMIMEHeader = HTTP_HOST][ThisURL]][/showif] Not sure at what version [thisport] was added, so you'll have to test = with your version. This will redirect every [protect]-ed page on your server that is not = listening on port 443. So you'll need to assess whether this will break = any web sites you are serving. If you're not comfortable putting this = kind of blanket over the [protect] tag globally, you can always add a = qualifier: [if = ("[thisport]"!"443")&("[ThisURL]"^"/WebCatalogEngine/")][then][redirect = https://MySecureDomainUsedToAccessWebCatalog[ThisURL]][/then][/if] MD > On Mar 27, 2017, at 1:52 AM, Jan Huijsmans = wrote: >=20 > Hi, >=20 > Ok, we managed to secure /WebCatalog/ dir with a permanent redirect to = https, but the Admin dir itself is placed in cgi-bin dir, which has a = special status and can't be handled in the same way. (other then = redirecting the complete cgi-bin dir) >=20 > To be honest, I'm surprised that the application itself doesn't do = anything to improve security, other then username/password over an = unencrypted link. Personally I'm glad we can contain WebDNA in virtual 1 = server. I wouldn't want to provide services for several customers on 1 = server with it. It shows it's age. >=20 >> On March 9, 2017 at 2:46 PM Jan Huijsmans = wrote: >>=20 >> Hi, >>=20 >> With all the help, the environment we're setting up is running as I = (and more importantly, the customer) expect it to. >>=20 >> Is there an official way to secure the admin interface within WebDNA = so connects are only accepted on https? We're trying to add a rewrite = via apache config for the WebCatalogEngine/Admin dir, but somehow it = feels as the wrong way to secure the admin interface.=20 >>=20 >> Vriendelijke groet, >>=20 >> >>=20 >=20 > =20 >=20 >> --------------------------------------------------------- This = message is sent to you because you are subscribed to the mailing list >=20 > Vriendelijke groet, >=20 > >=20 > --------------------------------------------------------- This message = is sent to you because you are subscribed to the mailing list . To = unsubscribe, E-mail to: archives: = http://mail.webdna.us/list/talk@webdna.us = Bug Reporting: = support@webdna.us --Apple-Mail=_224630D1-0F87-431F-A3A1-8EBD43FBA122 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii If you want to lock down your Admin templates, and any = template on the server that is using plain http auth in the clear with = the [protect] tag, add this line to the top of your = MultiGroupChecker:

[showif [thisport]!443][redirect https://[GetMIMEHeader = HTTP_HOST][ThisURL]][/showif]

Not sure at what version [thisport] was = added, so you'll have to test with your version.

This will redirect every [protect]-ed = page on your server that is not listening on port 443.  So you'll = need to assess whether this will break any web sites you are serving. =  If you're not comfortable putting this kind of blanket over the = [protect] tag globally, you can always add a qualifier:

[if = ("[thisport]"!"443")&("[ThisURL]"^"/WebCatalogEngine/")][then][redirec= t https://MySecureDomainUsedToAccessWebCatalog[ThisURL]][/then][/= if]


MD
On Mar 27, 2017, at 1:52 AM, = Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:

Hi,

Ok, we managed to secure = /WebCatalog/ dir with a permanent redirect to https, but the Admin dir = itself is placed in cgi-bin dir, which has a special status and can't be = handled in the same way. (other then redirecting the complete cgi-bin = dir)

To be honest, I'm surprised that the application itself = doesn't do anything to improve security, other then username/password = over an unencrypted link. Personally I'm glad we can contain WebDNA in = virtual 1 server. I wouldn't want to provide services for several = customers on 1 server with it. It shows it's age.

On March 9, 2017 at 2:46 PM = Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:

Hi,

With all the help, the = environment we're setting up is running as I (and more importantly, the = customer) expect it to.

Is there an official way to = secure the admin interface within WebDNA so connects are only accepted = on https? We're trying to add a rewrite via apache config for the = WebCatalogEngine/Admin dir, but somehow it feels as the wrong way to = secure the admin interface. 

Vriendelijke groet,

 <Mail = Attachment.png>


 

--------------------------------------------------------- = This message is sent to you because you are subscribed to the mailing = list


Vriendelijke groet,

 <Mail = Attachment.png>

--------------------------------------------------------- = This message is sent to you because you are subscribed to the mailing = list . = To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us

= --------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us --Apple-Mail=_224630D1-0F87-431F-A3A1-8EBD43FBA122-- . Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] [BULK] Securing WebCatalog login (Jan Huijsmans 2017)
  2. Re: [WebDNA] [BULK] Securing WebCatalog login (christophe.billiottet@webdna.us 2017)
  3. Re: [WebDNA] [BULK] Securing WebCatalog login (Jan Huijsmans 2017)
  4. Re: [WebDNA] [BULK] Securing WebCatalog login (Jan Huijsmans 2017)
  5. Re: [WebDNA] [BULK] Securing WebCatalog login (Stuart Tremain 2017)
  6. Re: [WebDNA] [BULK] Securing WebCatalog login (Michael Davis 2017)
  7. Re: [WebDNA] [BULK] Securing WebCatalog login (Jan Huijsmans 2017)
1120 --Apple-Mail=_224630D1-0F87-431F-A3A1-8EBD43FBA122 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii If you want to lock down your Admin templates, and any template on the = server that is using plain http auth in the clear with the [protect] = tag, add this line to the top of your MultiGroupChecker: [showif [thisport]!443][redirect https://[GetMIMEHeader = HTTP_HOST][thisurl]][/showif] Not sure at what version [thisport] was added, so you'll have to test = with your version. This will redirect every [protect]-ed page on your server that is not = listening on port 443. So you'll need to assess whether this will break = any web sites you are serving. If you're not comfortable putting this = kind of blanket over the [protect] tag globally, you can always add a = qualifier: [if = ("[thisport]"!"443")&("[thisurl]"^"/WebCatalogEngine/")][then][redirect = https://MySecureDomainUsedToAccessWebCatalog[thisurl]][/then][/if] MD > On Mar 27, 2017, at 1:52 AM, Jan Huijsmans = wrote: >=20 > Hi, >=20 > Ok, we managed to secure /WebCatalog/ dir with a permanent redirect to = https, but the Admin dir itself is placed in cgi-bin dir, which has a = special status and can't be handled in the same way. (other then = redirecting the complete cgi-bin dir) >=20 > To be honest, I'm surprised that the application itself doesn't do = anything to improve security, other then username/password over an = unencrypted link. Personally I'm glad we can contain WebDNA in virtual 1 = server. I wouldn't want to provide services for several customers on 1 = server with it. It shows it's age. >=20 >> On March 9, 2017 at 2:46 PM Jan Huijsmans = wrote: >>=20 >> Hi, >>=20 >> With all the help, the environment we're setting up is running as I = (and more importantly, the customer) expect it to. >>=20 >> Is there an official way to secure the admin interface within WebDNA = so connects are only accepted on https? We're trying to add a rewrite = via apache config for the WebCatalogEngine/Admin dir, but somehow it = feels as the wrong way to secure the admin interface.=20 >>=20 >> Vriendelijke groet, >>=20 >> >>=20 >=20 > =20 >=20 >> --------------------------------------------------------- This = message is sent to you because you are subscribed to the mailing list >=20 > Vriendelijke groet, >=20 > >=20 > --------------------------------------------------------- This message = is sent to you because you are subscribed to the mailing list . To = unsubscribe, E-mail to: archives: = http://mail.webdna.us/list/talk@webdna.us = Bug Reporting: = support@webdna.us --Apple-Mail=_224630D1-0F87-431F-A3A1-8EBD43FBA122 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii If you want to lock down your Admin templates, and any = template on the server that is using plain http auth in the clear with = the [protect] tag, add this line to the top of your = MultiGroupChecker:

[showif [thisport]!443][redirect https://[GetMIMEHeader = HTTP_HOST][thisurl]][/showif]

Not sure at what version [thisport] was = added, so you'll have to test with your version.

This will redirect every [protect]-ed = page on your server that is not listening on port 443.  So you'll = need to assess whether this will break any web sites you are serving. =  If you're not comfortable putting this kind of blanket over the = [protect] tag globally, you can always add a qualifier:

[if = ("[thisport]"!"443")&("[thisurl]"^"/WebCatalogEngine/")][then][redirec= t [thisurl]][/then][/if"= = class=3D"">https://MySecureDomainUsedToAccessWebCatalog[thisurl]][/then][/= if]


MD
On Mar 27, 2017, at 1:52 AM, = Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:

Hi,

Ok, we managed to secure = /WebCatalog/ dir with a permanent redirect to https, but the Admin dir = itself is placed in cgi-bin dir, which has a special status and can't be = handled in the same way. (other then redirecting the complete cgi-bin = dir)

To be honest, I'm surprised that the application itself = doesn't do anything to improve security, other then username/password = over an unencrypted link. Personally I'm glad we can contain WebDNA in = virtual 1 server. I wouldn't want to provide services for several = customers on 1 server with it. It shows it's age.

On March 9, 2017 at 2:46 PM = Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:

Hi,

With all the help, the = environment we're setting up is running as I (and more importantly, the = customer) expect it to.

Is there an official way to = secure the admin interface within WebDNA so connects are only accepted = on https? We're trying to add a rewrite via apache config for the = WebCatalogEngine/Admin dir, but somehow it feels as the wrong way to = secure the admin interface. 

Vriendelijke groet,

 <Mail = Attachment.png>


 

--------------------------------------------------------- = This message is sent to you because you are subscribed to the mailing = list


Vriendelijke groet,

 <Mail = Attachment.png>

--------------------------------------------------------- = This message is sent to you because you are subscribed to the mailing = list . = To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us

= --------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us --Apple-Mail=_224630D1-0F87-431F-A3A1-8EBD43FBA122-- . Michael Davis

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

loops (2000) [BoldWords] WebCat.acgib15Mac (1997) RE: Checkboxes to add to cart... (1998) mail on NT (1998) 100% cpu load (2006) showif errors (1998) Help with database strategy (1998) blank page from template (1997) WebCatalog2 Feature Feedback (1996) carriage returns in data (1997) [OT] Site test... (2003) emailer setup (1997) Problems with [Search] param - Mac Plugin b15 (1997) URL for Discussion Archive (1997) PLEASE REMOVE MY EMAIL ADDRESS (1997) Requiring that certain fields be completed (1997) NetSplat and WebCat2 (1997) [WebDNA] Contact Management Code (2012) can WC render sites out? (1997) listfiles shows invisible files ... (1999)