Re: [WebDNA] [BULK] Securing WebCatalog login

This WebDNA talk-list message is from

2017


It keeps the original formatting.
numero = 113525
interpreted = N
texte = 1120 --Apple-Mail=_224630D1-0F87-431F-A3A1-8EBD43FBA122 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii If you want to lock down your Admin templates, and any template on the = server that is using plain http auth in the clear with the [protect] = tag, add this line to the top of your MultiGroupChecker: [showif [thisport]!443][redirect https://[GetMIMEHeader = HTTP_HOST][ThisURL]][/showif] Not sure at what version [thisport] was added, so you'll have to test = with your version. This will redirect every [protect]-ed page on your server that is not = listening on port 443. So you'll need to assess whether this will break = any web sites you are serving. If you're not comfortable putting this = kind of blanket over the [protect] tag globally, you can always add a = qualifier: [if = ("[thisport]"!"443")&("[ThisURL]"^"/WebCatalogEngine/")][then][redirect = https://MySecureDomainUsedToAccessWebCatalog[ThisURL]][/then][/if] MD > On Mar 27, 2017, at 1:52 AM, Jan Huijsmans = wrote: >=20 > Hi, >=20 > Ok, we managed to secure /WebCatalog/ dir with a permanent redirect to = https, but the Admin dir itself is placed in cgi-bin dir, which has a = special status and can't be handled in the same way. (other then = redirecting the complete cgi-bin dir) >=20 > To be honest, I'm surprised that the application itself doesn't do = anything to improve security, other then username/password over an = unencrypted link. Personally I'm glad we can contain WebDNA in virtual 1 = server. I wouldn't want to provide services for several customers on 1 = server with it. It shows it's age. >=20 >> On March 9, 2017 at 2:46 PM Jan Huijsmans = wrote: >>=20 >> Hi, >>=20 >> With all the help, the environment we're setting up is running as I = (and more importantly, the customer) expect it to. >>=20 >> Is there an official way to secure the admin interface within WebDNA = so connects are only accepted on https? We're trying to add a rewrite = via apache config for the WebCatalogEngine/Admin dir, but somehow it = feels as the wrong way to secure the admin interface.=20 >>=20 >> Vriendelijke groet, >>=20 >> >>=20 >=20 > =20 >=20 >> --------------------------------------------------------- This = message is sent to you because you are subscribed to the mailing list >=20 > Vriendelijke groet, >=20 > >=20 > --------------------------------------------------------- This message = is sent to you because you are subscribed to the mailing list . To = unsubscribe, E-mail to: archives: = http://mail.webdna.us/list/talk@webdna.us = Bug Reporting: = support@webdna.us --Apple-Mail=_224630D1-0F87-431F-A3A1-8EBD43FBA122 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii If you want to lock down your Admin templates, and any = template on the server that is using plain http auth in the clear with = the [protect] tag, add this line to the top of your = MultiGroupChecker:

[showif [thisport]!443][redirect https://[GetMIMEHeader = HTTP_HOST][ThisURL]][/showif]

Not sure at what version [thisport] was = added, so you'll have to test with your version.

This will redirect every [protect]-ed = page on your server that is not listening on port 443.  So you'll = need to assess whether this will break any web sites you are serving. =  If you're not comfortable putting this kind of blanket over the = [protect] tag globally, you can always add a qualifier:

[if = ("[thisport]"!"443")&("[ThisURL]"^"/WebCatalogEngine/")][then][redirec= t https://MySecureDomainUsedToAccessWebCatalog[ThisURL]][/then][/= if]


MD
On Mar 27, 2017, at 1:52 AM, = Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:

Hi,

Ok, we managed to secure = /WebCatalog/ dir with a permanent redirect to https, but the Admin dir = itself is placed in cgi-bin dir, which has a special status and can't be = handled in the same way. (other then redirecting the complete cgi-bin = dir)

To be honest, I'm surprised that the application itself = doesn't do anything to improve security, other then username/password = over an unencrypted link. Personally I'm glad we can contain WebDNA in = virtual 1 server. I wouldn't want to provide services for several = customers on 1 server with it. It shows it's age.

On March 9, 2017 at 2:46 PM = Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:

Hi,

With all the help, the = environment we're setting up is running as I (and more importantly, the = customer) expect it to.

Is there an official way to = secure the admin interface within WebDNA so connects are only accepted = on https? We're trying to add a rewrite via apache config for the = WebCatalogEngine/Admin dir, but somehow it feels as the wrong way to = secure the admin interface. 

Vriendelijke groet,

 <Mail = Attachment.png>


 

--------------------------------------------------------- = This message is sent to you because you are subscribed to the mailing = list


Vriendelijke groet,

 <Mail = Attachment.png>

--------------------------------------------------------- = This message is sent to you because you are subscribed to the mailing = list . = To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us

= --------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us --Apple-Mail=_224630D1-0F87-431F-A3A1-8EBD43FBA122-- . Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] [BULK] Securing WebCatalog login (Jan Huijsmans 2017)
  2. Re: [WebDNA] [BULK] Securing WebCatalog login (christophe.billiottet@webdna.us 2017)
  3. Re: [WebDNA] [BULK] Securing WebCatalog login (Jan Huijsmans 2017)
  4. Re: [WebDNA] [BULK] Securing WebCatalog login (Jan Huijsmans 2017)
  5. Re: [WebDNA] [BULK] Securing WebCatalog login (Stuart Tremain 2017)
  6. Re: [WebDNA] [BULK] Securing WebCatalog login (Michael Davis 2017)
  7. Re: [WebDNA] [BULK] Securing WebCatalog login (Jan Huijsmans 2017)
1120 --Apple-Mail=_224630D1-0F87-431F-A3A1-8EBD43FBA122 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii If you want to lock down your Admin templates, and any template on the = server that is using plain http auth in the clear with the [protect] = tag, add this line to the top of your MultiGroupChecker: [showif [thisport]!443][redirect https://[GetMIMEHeader = HTTP_HOST][thisurl]][/showif] Not sure at what version [thisport] was added, so you'll have to test = with your version. This will redirect every [protect]-ed page on your server that is not = listening on port 443. So you'll need to assess whether this will break = any web sites you are serving. If you're not comfortable putting this = kind of blanket over the [protect] tag globally, you can always add a = qualifier: [if = ("[thisport]"!"443")&("[thisurl]"^"/WebCatalogEngine/")][then][redirect = https://MySecureDomainUsedToAccessWebCatalog[thisurl]][/then][/if] MD > On Mar 27, 2017, at 1:52 AM, Jan Huijsmans = wrote: >=20 > Hi, >=20 > Ok, we managed to secure /WebCatalog/ dir with a permanent redirect to = https, but the Admin dir itself is placed in cgi-bin dir, which has a = special status and can't be handled in the same way. (other then = redirecting the complete cgi-bin dir) >=20 > To be honest, I'm surprised that the application itself doesn't do = anything to improve security, other then username/password over an = unencrypted link. Personally I'm glad we can contain WebDNA in virtual 1 = server. I wouldn't want to provide services for several customers on 1 = server with it. It shows it's age. >=20 >> On March 9, 2017 at 2:46 PM Jan Huijsmans = wrote: >>=20 >> Hi, >>=20 >> With all the help, the environment we're setting up is running as I = (and more importantly, the customer) expect it to. >>=20 >> Is there an official way to secure the admin interface within WebDNA = so connects are only accepted on https? We're trying to add a rewrite = via apache config for the WebCatalogEngine/Admin dir, but somehow it = feels as the wrong way to secure the admin interface.=20 >>=20 >> Vriendelijke groet, >>=20 >> >>=20 >=20 > =20 >=20 >> --------------------------------------------------------- This = message is sent to you because you are subscribed to the mailing list >=20 > Vriendelijke groet, >=20 > >=20 > --------------------------------------------------------- This message = is sent to you because you are subscribed to the mailing list . To = unsubscribe, E-mail to: archives: = http://mail.webdna.us/list/talk@webdna.us = Bug Reporting: = support@webdna.us --Apple-Mail=_224630D1-0F87-431F-A3A1-8EBD43FBA122 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii If you want to lock down your Admin templates, and any = template on the server that is using plain http auth in the clear with = the [protect] tag, add this line to the top of your = MultiGroupChecker:

[showif [thisport]!443][redirect https://[GetMIMEHeader = HTTP_HOST][thisurl]][/showif]

Not sure at what version [thisport] was = added, so you'll have to test with your version.

This will redirect every [protect]-ed = page on your server that is not listening on port 443.  So you'll = need to assess whether this will break any web sites you are serving. =  If you're not comfortable putting this kind of blanket over the = [protect] tag globally, you can always add a qualifier:

[if = ("[thisport]"!"443")&("[thisurl]"^"/WebCatalogEngine/")][then][redirec= t [thisurl]][/then][/if"= = class=3D"">https://MySecureDomainUsedToAccessWebCatalog[thisurl]][/then][/= if]


MD
On Mar 27, 2017, at 1:52 AM, = Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:

Hi,

Ok, we managed to secure = /WebCatalog/ dir with a permanent redirect to https, but the Admin dir = itself is placed in cgi-bin dir, which has a special status and can't be = handled in the same way. (other then redirecting the complete cgi-bin = dir)

To be honest, I'm surprised that the application itself = doesn't do anything to improve security, other then username/password = over an unencrypted link. Personally I'm glad we can contain WebDNA in = virtual 1 server. I wouldn't want to provide services for several = customers on 1 server with it. It shows it's age.

On March 9, 2017 at 2:46 PM = Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:

Hi,

With all the help, the = environment we're setting up is running as I (and more importantly, the = customer) expect it to.

Is there an official way to = secure the admin interface within WebDNA so connects are only accepted = on https? We're trying to add a rewrite via apache config for the = WebCatalogEngine/Admin dir, but somehow it feels as the wrong way to = secure the admin interface. 

Vriendelijke groet,

 <Mail = Attachment.png>


 

--------------------------------------------------------- = This message is sent to you because you are subscribed to the mailing = list


Vriendelijke groet,

 <Mail = Attachment.png>

--------------------------------------------------------- = This message is sent to you because you are subscribed to the mailing = list . = To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us

= --------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us --Apple-Mail=_224630D1-0F87-431F-A3A1-8EBD43FBA122-- . Michael Davis

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Help need to figure this out today!!! Advanced Question. (2004) [WebDNA] GREP problem (2011) Undeliverable Mail (1997) Newbie problem blah blah blah (1997) Creating a back button (1999) PSC recommends what date format yr 2000??? (1997) [Announce]: Web server security and password protection (1997) Text in coloums... (2000) Nested tags count question (1997) [SearchString] problem with [search] context (1997) New Site Announcement (1998) RSS Feeds; basic info (2005) WebCat2b12 CGI Mac - [shownext] problem (1997) SendMail - sending message to more than one person from (2006) PCS Emailer's role ? (1997) Carrying over data? (1997) WebCAT MacOS9 --> OSX (2003) Follow-Up to: Removing [showif] makes a big difference in speed (1997) Writing to disk (1999) Caching [include] files ... (1997)