Re: [leaf-user] Webconf Access Control

Thu, 20 Aug 2009 09:37:07 -0700 

n22e113 wrote:
>>> While testing leaf v3.1.1-beta3, I am stuck at the page using firefox:
>>> http://192.168.1.210/wc-passwd.cgi
>>> Except for the "General Health" and "Active Connections" pages. Leaving
>>> both Username and Password blank and hitting the |Apply| button will only
>>> get me back to the same page? If Username=admin and Password=blank and
>>> hitting the |Apply| button, the web page will transfer data forever?
>>> Thanks!
>> It's not obvious and the information on the page is wrong: Please add a 
>> password! 
>> It's pretty unsecure to use webconf without password andf therefor not 
>> allowed.
>>
> But from the page "Webconf authentication":
> "To completely disable authentication, leave the fields for username as well 
> as password blank."
> The above is correct because Linux and open source are all about choices. 
> Users in our case are only allowed to access webconf from inside our private 
> LAN. Admins/Users shall all have the ability to decide what level of security 
> of Webconf access for a particular installation. The information on the page 
> also correctly states:
> "While it provides some protection, please note that the passwords are sent 
> over the network in clear text."

That depends, I never allow http access :-) only https

If you don't like this behaviour, as you said it is open source, you can
look into

/var/webconf/lib/preamble.sh for

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
$( /var/webconf/lib/passcheck.sh )
<title>Bering LEAF Firewall</title>
<link rel="stylesheet" type="text/css" href="/webconf.css">
</head>

either remove the call to passcheck or extend it to look for a
configuration option (and if so feed back). If you want my honest
opinion... just use credentials...

:-)

Erich


------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Reply via email to