Re: [WebDNA] [BULK] Securing WebCatalog login

This WebDNA talk-list message is from

2017


It keeps the original formatting.
numero = 113525
interpreted = N
texte = 1120 --Apple-Mail=_224630D1-0F87-431F-A3A1-8EBD43FBA122 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii If you want to lock down your Admin templates, and any template on the = server that is using plain http auth in the clear with the [protect] = tag, add this line to the top of your MultiGroupChecker: [showif [thisport]!443][redirect https://[GetMIMEHeader = HTTP_HOST][ThisURL]][/showif] Not sure at what version [thisport] was added, so you'll have to test = with your version. This will redirect every [protect]-ed page on your server that is not = listening on port 443. So you'll need to assess whether this will break = any web sites you are serving. If you're not comfortable putting this = kind of blanket over the [protect] tag globally, you can always add a = qualifier: [if = ("[thisport]"!"443")&("[ThisURL]"^"/WebCatalogEngine/")][then][redirect = https://MySecureDomainUsedToAccessWebCatalog[ThisURL]][/then][/if] MD > On Mar 27, 2017, at 1:52 AM, Jan Huijsmans = wrote: >=20 > Hi, >=20 > Ok, we managed to secure /WebCatalog/ dir with a permanent redirect to = https, but the Admin dir itself is placed in cgi-bin dir, which has a = special status and can't be handled in the same way. (other then = redirecting the complete cgi-bin dir) >=20 > To be honest, I'm surprised that the application itself doesn't do = anything to improve security, other then username/password over an = unencrypted link. Personally I'm glad we can contain WebDNA in virtual 1 = server. I wouldn't want to provide services for several customers on 1 = server with it. It shows it's age. >=20 >> On March 9, 2017 at 2:46 PM Jan Huijsmans = wrote: >>=20 >> Hi, >>=20 >> With all the help, the environment we're setting up is running as I = (and more importantly, the customer) expect it to. >>=20 >> Is there an official way to secure the admin interface within WebDNA = so connects are only accepted on https? We're trying to add a rewrite = via apache config for the WebCatalogEngine/Admin dir, but somehow it = feels as the wrong way to secure the admin interface.=20 >>=20 >> Vriendelijke groet, >>=20 >> >>=20 >=20 > =20 >=20 >> --------------------------------------------------------- This = message is sent to you because you are subscribed to the mailing list >=20 > Vriendelijke groet, >=20 > >=20 > --------------------------------------------------------- This message = is sent to you because you are subscribed to the mailing list . To = unsubscribe, E-mail to: archives: = http://mail.webdna.us/list/talk@webdna.us = Bug Reporting: = support@webdna.us --Apple-Mail=_224630D1-0F87-431F-A3A1-8EBD43FBA122 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii If you want to lock down your Admin templates, and any = template on the server that is using plain http auth in the clear with = the [protect] tag, add this line to the top of your = MultiGroupChecker:

[showif [thisport]!443][redirect https://[GetMIMEHeader = HTTP_HOST][ThisURL]][/showif]

Not sure at what version [thisport] was = added, so you'll have to test with your version.

This will redirect every [protect]-ed = page on your server that is not listening on port 443.  So you'll = need to assess whether this will break any web sites you are serving. =  If you're not comfortable putting this kind of blanket over the = [protect] tag globally, you can always add a qualifier:

[if = ("[thisport]"!"443")&("[ThisURL]"^"/WebCatalogEngine/")][then][redirec= t https://MySecureDomainUsedToAccessWebCatalog[ThisURL]][/then][/= if]


MD
On Mar 27, 2017, at 1:52 AM, = Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:

Hi,

Ok, we managed to secure = /WebCatalog/ dir with a permanent redirect to https, but the Admin dir = itself is placed in cgi-bin dir, which has a special status and can't be = handled in the same way. (other then redirecting the complete cgi-bin = dir)

To be honest, I'm surprised that the application itself = doesn't do anything to improve security, other then username/password = over an unencrypted link. Personally I'm glad we can contain WebDNA in = virtual 1 server. I wouldn't want to provide services for several = customers on 1 server with it. It shows it's age.

On March 9, 2017 at 2:46 PM = Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:

Hi,

With all the help, the = environment we're setting up is running as I (and more importantly, the = customer) expect it to.

Is there an official way to = secure the admin interface within WebDNA so connects are only accepted = on https? We're trying to add a rewrite via apache config for the = WebCatalogEngine/Admin dir, but somehow it feels as the wrong way to = secure the admin interface. 

Vriendelijke groet,

 <Mail = Attachment.png>


 

--------------------------------------------------------- = This message is sent to you because you are subscribed to the mailing = list


Vriendelijke groet,

 <Mail = Attachment.png>

--------------------------------------------------------- = This message is sent to you because you are subscribed to the mailing = list . = To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us

= --------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us --Apple-Mail=_224630D1-0F87-431F-A3A1-8EBD43FBA122-- . Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] [BULK] Securing WebCatalog login (Jan Huijsmans 2017)
  2. Re: [WebDNA] [BULK] Securing WebCatalog login (christophe.billiottet@webdna.us 2017)
  3. Re: [WebDNA] [BULK] Securing WebCatalog login (Jan Huijsmans 2017)
  4. Re: [WebDNA] [BULK] Securing WebCatalog login (Jan Huijsmans 2017)
  5. Re: [WebDNA] [BULK] Securing WebCatalog login (Stuart Tremain 2017)
  6. Re: [WebDNA] [BULK] Securing WebCatalog login (Michael Davis 2017)
  7. Re: [WebDNA] [BULK] Securing WebCatalog login (Jan Huijsmans 2017)
1120 --Apple-Mail=_224630D1-0F87-431F-A3A1-8EBD43FBA122 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii If you want to lock down your Admin templates, and any template on the = server that is using plain http auth in the clear with the [protect] = tag, add this line to the top of your MultiGroupChecker: [showif [thisport]!443][redirect https://[GetMIMEHeader = HTTP_HOST][thisurl]][/showif] Not sure at what version [thisport] was added, so you'll have to test = with your version. This will redirect every [protect]-ed page on your server that is not = listening on port 443. So you'll need to assess whether this will break = any web sites you are serving. If you're not comfortable putting this = kind of blanket over the [protect] tag globally, you can always add a = qualifier: [if = ("[thisport]"!"443")&("[thisurl]"^"/WebCatalogEngine/")][then][redirect = https://MySecureDomainUsedToAccessWebCatalog[thisurl]][/then][/if] MD > On Mar 27, 2017, at 1:52 AM, Jan Huijsmans = wrote: >=20 > Hi, >=20 > Ok, we managed to secure /WebCatalog/ dir with a permanent redirect to = https, but the Admin dir itself is placed in cgi-bin dir, which has a = special status and can't be handled in the same way. (other then = redirecting the complete cgi-bin dir) >=20 > To be honest, I'm surprised that the application itself doesn't do = anything to improve security, other then username/password over an = unencrypted link. Personally I'm glad we can contain WebDNA in virtual 1 = server. I wouldn't want to provide services for several customers on 1 = server with it. It shows it's age. >=20 >> On March 9, 2017 at 2:46 PM Jan Huijsmans = wrote: >>=20 >> Hi, >>=20 >> With all the help, the environment we're setting up is running as I = (and more importantly, the customer) expect it to. >>=20 >> Is there an official way to secure the admin interface within WebDNA = so connects are only accepted on https? We're trying to add a rewrite = via apache config for the WebCatalogEngine/Admin dir, but somehow it = feels as the wrong way to secure the admin interface.=20 >>=20 >> Vriendelijke groet, >>=20 >> >>=20 >=20 > =20 >=20 >> --------------------------------------------------------- This = message is sent to you because you are subscribed to the mailing list >=20 > Vriendelijke groet, >=20 > >=20 > --------------------------------------------------------- This message = is sent to you because you are subscribed to the mailing list . To = unsubscribe, E-mail to: archives: = http://mail.webdna.us/list/talk@webdna.us = Bug Reporting: = support@webdna.us --Apple-Mail=_224630D1-0F87-431F-A3A1-8EBD43FBA122 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii If you want to lock down your Admin templates, and any = template on the server that is using plain http auth in the clear with = the [protect] tag, add this line to the top of your = MultiGroupChecker:

[showif [thisport]!443][redirect https://[GetMIMEHeader = HTTP_HOST][thisurl]][/showif]

Not sure at what version [thisport] was = added, so you'll have to test with your version.

This will redirect every [protect]-ed = page on your server that is not listening on port 443.  So you'll = need to assess whether this will break any web sites you are serving. =  If you're not comfortable putting this kind of blanket over the = [protect] tag globally, you can always add a qualifier:

[if = ("[thisport]"!"443")&("[thisurl]"^"/WebCatalogEngine/")][then][redirec= t [thisurl]][/then][/if"= = class=3D"">https://MySecureDomainUsedToAccessWebCatalog[thisurl]][/then][/= if]


MD
On Mar 27, 2017, at 1:52 AM, = Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:

Hi,

Ok, we managed to secure = /WebCatalog/ dir with a permanent redirect to https, but the Admin dir = itself is placed in cgi-bin dir, which has a special status and can't be = handled in the same way. (other then redirecting the complete cgi-bin = dir)

To be honest, I'm surprised that the application itself = doesn't do anything to improve security, other then username/password = over an unencrypted link. Personally I'm glad we can contain WebDNA in = virtual 1 server. I wouldn't want to provide services for several = customers on 1 server with it. It shows it's age.

On March 9, 2017 at 2:46 PM = Jan Huijsmans <jan.huijsmans@baruch-ict.nl> wrote:

Hi,

With all the help, the = environment we're setting up is running as I (and more importantly, the = customer) expect it to.

Is there an official way to = secure the admin interface within WebDNA so connects are only accepted = on https? We're trying to add a rewrite via apache config for the = WebCatalogEngine/Admin dir, but somehow it feels as the wrong way to = secure the admin interface. 

Vriendelijke groet,

 <Mail = Attachment.png>


 

--------------------------------------------------------- = This message is sent to you because you are subscribed to the mailing = list


Vriendelijke groet,

 <Mail = Attachment.png>

--------------------------------------------------------- = This message is sent to you because you are subscribed to the mailing = list . = To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us

= --------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us --Apple-Mail=_224630D1-0F87-431F-A3A1-8EBD43FBA122-- . Michael Davis

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

WebCat editing, SiteGuard & SiteEdit (1997) Add sizes from check boxes (2002) Server Error Question (2004) WebCommerce: Folder organization ? (1997) WebCatalog complains that the service is not running. (1998) DB Updates don't take (1998) WebCatalog Features (1997) WebCatalog2 Feature Feedback (1996) WebCat2b13 Mac plugin - [sendmail] and checkboxes (1997) No messages for a week? (2000) WebCatalog [FoundItems] Problem - AGAIN - (1997) Linux ODBC and the ODBC Bridge (2000) WebCat2b13MacPlugIn - [showif][search][/showif] (1997) Location of Browser Info.txt file (1997) Quickie question on the email templates (1997) OT: Unix Guru Needed (2003) [writefile] (1997) Is this possible, WebCat2.0 and checkboxes (1997) webcat NT (1998) Cookies (1999)