normal | wide

Signup for Training


More trainings...

Intalio|BPMS Webinars

Latest Posts


Show last 6 hrs - 24 hrs - 7 days

Forum tags


Top Posters

Last 30 days

  • Antoine (34)
  • ravinderjit.singh (30)
  • danielandross (17)
  • venkaiah.k (16)
  • sirswendu.ganapati (14)
  • eva.das (13)
  • milos.vacek (12)
  • metabyte (9)
  • cristiano.quintao (7)
  • pierre.pavageau (5)

All time

  • Antoine (1488)
  • Shivanand (1194)
  • cshekhar (928)
  • psq (796)
  • jag (391)
  • metabyte (380)
  • arnaud (328)
  • jalateras (325)
  • dfrench (271)
  • venkaiah.k (214)

Show last 4 hrs - 12 hrs - 24 hrs

POLL

We are looking for more information to tailor our training to better meet the needs of our customers. Please indicate all options that apply.

I would like to attend specialized training from Intalio on BPM as it relates to my application area:

I would like to attend specialized training from Intalio on BPM as it relates to my job function:

I would like to attend specialized training from Intalio on BPM as it relates to my industry:

Login

Who's online?

MAIN arrow FORUMS
Intalio|BPMS Community Edition General Questions
Security Question (0 viewing) 
Go to bottom Post Reply Favoured: 0
TOPIC: Security Question
#16340
brian.passante (User)
Fresh Boarder
User Offline Click here to see the profile of this user
Security Question 3 Months, 1 Week ago Karma: 0  
Hi All,

My question is perhaps stupid but I cannot find the anwser alone by reading the forum and googling ;)

Is it any way to secure the deployment of new workflow with the designer when the Intalio server is not listening on localhost ?

Because, it seems everybody is able to deploy workflow with the right ip adress, isn't it ?

There is no login/password anywhere...
I try to look for some ODE configuration, but I didn't find anything, and it is not possible that I am the only one who is asking this question ;)

Thanks a lot for your help
Regards
 
Report to moderator   Logged Logged  
  The administrator has disabled public write access.
#16341
boisvert (User)
Moderator
User Offline Click here to see the profile of this user
Re:Security Question 3 Months, 1 Week ago Karma: 8  
The current recommendation is to disable the remote DeploymentService and use file-system based deployment on production servers.

cheers,
alex
 
Report to moderator   Logged Logged  
  The administrator has disabled public write access.
#16351
brian.passante (User)
Fresh Boarder
User Offline Click here to see the profile of this user
Re:Security Question 3 Months ago Karma: 0  
Hi Alex,

Thanks you for your anwser.
I manage to "secure" a bit by using the reverse proxy configuration of apache.
So that, I can only allow some IP adress and also call all mypages on a stardart webport witout using mod_jk or ajp_proxy.

You need to restrict the ode and wds webservice.
This method can be spoof but I is a bit more secure than nothing ;)

Here is my apache configuration for anybody who wants try :

##########################################################
# INTALIO SECURE WEBSERVICES
##########################################################

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so


<Proxy *>
Order Deny,Allow
Deny from all
</Proxy>

<Proxy http://hostname:8080/console>
Order Deny,Allow
Deny from all
Allow from 192.168.0
</Proxy>

<Proxy http://hostname:8080/bpms-console>
Order Deny,Allow
Deny from all
Allow from 192.168.0.194
</Proxy>

<Proxy http://hostname:8080/ui-fw>
Order Deny,Allow
Deny from all
Allow from 192.168.0
</Proxy>


<Proxy http://hostname:8080/ode>
Order Deny,Allow
Deny from all
Allow from 192.168.0.194
</Proxy>

<Proxy http://hostname:8080/wds>
Order Deny,Allow
Deny from all
Allow from 192.168.0.194
</Proxy>

<Proxy http://hostname:8080/images>
Order Allow,Deny
Allow from all
</Proxy>

<Proxy http://hostname:8080/axis2>
Order Allow,Deny
Allow from all
</Proxy>

<Proxy http://hostname:8080/xFormsManager>
Order Allow,Deny
Allow from all
</Proxy>



ProxyPass /console http://hostname:8080/console
ProxyPass /images http://hostname:8080/images
ProxyPass /ui-fw http://hostname:8080/ui-fw
ProxyPass /axis2 http://hostname:8080/axis2
ProxyPass /xFormsManager http://hostname:8080/xFormsManager
ProxyPass /bpms-console http://hostname:8080/bpms-console
ProxyPass /ode http://hostname:8080/ode
ProxyPass /wds http://hostname:8080/wds


ProxyPassreverse / http://hostname:8080/

##########################################################

Thanks
Brian
 
Report to moderator   Logged Logged  
  The administrator has disabled public write access.
#16372
sashi.varanasi1 (User)
Junior Boarder
User Offline Click here to see the profile of this user
Re:Security Question 3 Months ago Karma: 0  
Hi Alex,

Can you please provide additional information on how to disable the DeploymentService.

thanks,
sashi.
 
Report to moderator   Logged Logged  
  The administrator has disabled public write access.
#16451
brian.passante (User)
Fresh Boarder
User Offline Click here to see the profile of this user
Re:Security Question 2 Months, 3 Weeks ago Karma: 0  
Hi Sashi,

You had to stop the WebService in the axis2 managment interface.

Go to :

http://hostname:8080/axis2/axis2-admin/

The default login/password are admin/axis2

Then, you had to desactivate the DeployementService.


Regards
Brian
 
Report to moderator   Logged Logged  
  The administrator has disabled public write access.
Go to top Post Reply
get the latest posts directly to your desktop