Webconf Access Control
|
View:
New views
6 Messages
—
Rating Filter:
Alert me
|
 |
Webconf Access Control
by n22e113
::
Rate this Message:
While testing leaf v3.1.1-beta3, I am stuck at the page using firefox:
http://192.168.1.210/wc-passwd.cgi Except for the "General Health" and "Active Connections" pages. Leaving both Username and Password blank and hitting the |Apply| button will only get me back to the same page? If Username=admin and Password=blank and hitting the |Apply| button, the web page will transfer data forever? Thanks! ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@... https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ |
|
|
Re: Webconf Access Control
by KP Kirchdoerfer-2
::
Rate this Message:
Am Donnerstag, 20. August 2009 11:52:02 schrieb n22e113:
> While testing leaf v3.1.1-beta3, I am stuck at the page using firefox: > http://192.168.1.210/wc-passwd.cgi > Except for the "General Health" and "Active Connections" pages. Leaving > both Username and Password blank and hitting the |Apply| button will only > get me back to the same page? If Username=admin and Password=blank and > hitting the |Apply| button, the web page will transfer data forever? > Thanks! It's not obvious and the information on the page is wrong: Please add a password! It's pretty unsecure to use webconf without password andf therefor not allowed. kp ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@... https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ |
|
|
Re: Webconf Access Control
by n22e113
::
Rate this Message:
>> While testing leaf v3.1.1-beta3, I am stuck at the page using firefox:
But from the page "Webconf authentication":
>> http://192.168.1.210/wc-passwd.cgi >> Except for the "General Health" and "Active Connections" pages. Leaving >> both Username and Password blank and hitting the |Apply| button will only >> get me back to the same page? If Username=admin and Password=blank and >> hitting the |Apply| button, the web page will transfer data forever? >> Thanks! > > It's not obvious and the information on the page is wrong: Please add a > password! > It's pretty unsecure to use webconf without password andf therefor not > allowed. > "To completely disable authentication, leave the fields for username as well as password blank." The above is correct because Linux and open source are all about choices. Users in our case are only allowed to access webconf from inside our private LAN. Admins/Users shall all have the ability to decide what level of security of Webconf access for a particular installation. The information on the page also correctly states: "While it provides some protection, please note that the passwords are sent over the network in clear text." ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@... https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ |
|
|
Re: Webconf Access Control
by Erich Titl
::
Rate this Message:
n22e113 wrote:
>>> While testing leaf v3.1.1-beta3, I am stuck at the page using firefox: >>> http://192.168.1.210/wc-passwd.cgi >>> Except for the "General Health" and "Active Connections" pages. Leaving >>> both Username and Password blank and hitting the |Apply| button will only >>> get me back to the same page? If Username=admin and Password=blank and >>> hitting the |Apply| button, the web page will transfer data forever? >>> Thanks! >> It's not obvious and the information on the page is wrong: Please add a >> password! >> It's pretty unsecure to use webconf without password andf therefor not >> allowed. >> > But from the page "Webconf authentication": > "To completely disable authentication, leave the fields for username as well as password blank." > The above is correct because Linux and open source are all about choices. Users in our case are only allowed to access webconf from inside our private LAN. Admins/Users shall all have the ability to decide what level of security of Webconf access for a particular installation. The information on the page also correctly states: > "While it provides some protection, please note that the passwords are sent over the network in clear text." If you don't like this behaviour, as you said it is open source, you can look into /var/webconf/lib/preamble.sh for <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> $( /var/webconf/lib/passcheck.sh ) <title>Bering LEAF Firewall</title> <link rel="stylesheet" type="text/css" href="/webconf.css"> </head> either remove the call to passcheck or extend it to look for a configuration option (and if so feed back). If you want my honest opinion... just use credentials... :-) Erich ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@... https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ |
|
|
Re: Webconf Access Control
by n22e113
::
Rate this Message:
> If you don't like this behaviour, as you said it is open source, you can
Thanks! All I need is to remove the line:
> look into > > /var/webconf/lib/preamble.sh for > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > <html> > <head> > $( /var/webconf/lib/passcheck.sh ) > <title>Bering LEAF Firewall</title> > <link rel="stylesheet" type="text/css" href="/webconf.css"> > </head> > > either remove the call to passcheck or extend it to look for a > configuration option (and if so feed back). If you want my honest > opinion... just use credentials... > :-) > $( /var/webconf/lib/passcheck.sh ) which is not part of the v3.1 distro! Cheers, ;-0 ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@... https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ |
|
|
Re: Webconf Access Control
by KP Kirchdoerfer-2
::
Rate this Message:
Am Donnerstag, 20. August 2009 17:48:29 schrieb n22e113:
> >> While testing leaf v3.1.1-beta3, I am stuck at the page using firefox: > >> http://192.168.1.210/wc-passwd.cgi > >> Except for the "General Health" and "Active Connections" pages. Leaving > >> both Username and Password blank and hitting the |Apply| button will > >> only get me back to the same page? If Username=admin and Password=blank > >> and hitting the |Apply| button, the web page will transfer data forever? > >> Thanks! > > > > It's not obvious and the information on the page is wrong: Please add a > > password! > > It's pretty unsecure to use webconf without password andf therefor not > > allowed. > > But from the page "Webconf authentication": > "To completely disable authentication, leave the fields for username as > well as password blank." As I wrote - "the information on the page is wrong". Will be corrected for a future release. > The above is correct because Linux and open source > are all about choices. Users in our case are only allowed to access webconf > from inside our private LAN. Admins/Users shall all have the ability to > decide what level of security of Webconf access for a particular > installation. The information on the page also correctly states: "While it > provides some protection, please note that the passwords are sent over the > network in clear text." > IMHO the target audience for webconf is the home user who does not take care about security and more than a default setup. Therefor forcing them to choose a login password is following the line "better safe than sorry". Admins usually use the shell based configuration, which is a lot mor flexible and secure. kp ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@... https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ |
| Free embeddable forum powered by Nabble | Forum Help |
