[opencms-dev] Securing the system

Michael Goodwin mgoodwin at amadeus.net
Fri Feb 6 11:39:01 CET 2004




Thanks, that pretty much explains things. The authentication is embedded in
the ASP in fact (have to work with what I've got). I fully appreciate the
separation of OpenCms and IIS. Unfortunately this creates a situation where
supposedly secure files (the security is included ASP code in the JSP
template) are for the world to see (if they suss out that they should put
opencms/opencms in the path).

I'm going to assume this is correct behaviour, and change the source at the
point where it exports.





From: "Hartmann, Waehrisch & Feykes GmbH" <hartmann at waehrisch-feykes.de>@opencms.org on 06/02/2004 11:09
Please respond to opencms-dev at opencms.org
Sent by: opencms-dev-admin at opencms.org
To: <opencms-dev at opencms.org>
cc:
Subject: Re: [opencms-dev] Securing the system





I think you muddle up publishing with static exporting. OpenCms has its own
access management and doesn't know anything of the access management of your
HTTP server (you say ASP so I assume IIS). If pages with limited access
were statically exported, OpenCms would lose control over these files.
In an open system anyone could request them. Therefore the pages are not
exported during the publishing process. But they are still available in your
online project, where OpenCms has control over them and can check access
rights.


----- Original Message -----
From: "Michael Goodwin" <mgoodwin at amadeus.net>
To: <opencms-dev at opencms.org>
Sent: Friday, February 06, 2004 10:17 AM
Subject: Re: [opencms-dev] Securing the system


> >> I would like to prevent people from seeing files that have not been
> >> exported statically. Anyone achieved this?
> >>
> >> What seems logical to me is to remove the read permission for 'others' for
> >> the files. However when this is done there is an error when you publish the
> >> files. What rights does the publishing process operate with?
> >
> >But it does work as wanted, doesn't it? So read over the error messages.
>
> No it doesn't work. The file is unviewable unless you are logged in (the
> desired result), but it doesn't get published. The export seems to have the
> same permissions as 'others', which is logical but in this case
> undesirable. The site itself has its own authentication in asp (used for
> statistical purposes, but also because there may be some fairly sensitive
> information). Thanks for any help.
>
> _______________________________________________
> This mail is send to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://mail.opencms.org/mailman/listinfo/opencms-dev
