zoukankan      html  css  js  c++  java
  • Create a secure MapGuide Site创建安全的MapGuide站点


    After days or months hard work, are you ready to publish your MapGuide application to the public world? If your answer is yes and you don't want your MapGuide site exposed to the hackers for their entertainment, please wait a minute and read this blog first J

    Maybe you have known that we have very convenient test page to test most functionalities of MapGuide Enterprise/OpenSource. I mean the MapAgent, you can access it from http://servername/mapguideopensource/mapagent/index.html. But it is also very dangious for a public MapGuide site, even the "Anonymous" user account has access to the HTTP test pages with the default security setup. Server Admin allows someone to take the MG server offline without having to enter any credentials. Is it terrible? To disable the HTTP test pages, you can remove it from the public website, just delete the HTTP test pages (www/mapagent/*.html, *.js, *.php).

    Here are a few another suggestions for hardening the security on a production MapGuide site:

    Of cause, the first thing is to change the Admin password in MapGuide Site Administrator (http://servername/mapguideopensource/mapadmin/login.php ), see the screenshot below:

    And then, if you are sure that you will not using the Site Administrator, you can remove it from the website. All of these pages require authentication but they do give a lot of information to anyone who can figure out the credentials.  To disable the web administrator, delete the <webdir>\www\mapadmin folder.

    You can also disable all of the HTTP "author role" commands by adding the following to www/webconfig.ini

    [AgentProperties]

    DisableAuthoring = 1

    Please note that disabling authoring kills Maestro and Autodesk MapGuide Studio.  You can set up secure connections for Administrations and authoring. The way this is set up, you end up with a URL of the form https://servername/mapguideopensource or http://servername/mapguide2010/ , which can be used in Autodesk MapGuide Studio or Maestro to do the authoring work.

    If the administration and authoring do not need to be made publicly available, an alternative installation can be like this:

    You can do that on both Apache and IIS, we have a document to show you how to do the configuration step by step, you can download it from here: http://images.autodesk.com/adsk/files/secure_autodesk_mapguide_enterprise_site.pdf

    Finally, if you are not using WMS or WFS, you can also disable serving of these protocols with

    [AgentProperties]

    DisableWfs = 1

    DisableWms = 1

    Now, it is time to take action, go and make your MapGuide Site publicly and strong! Cheers! J

    作者:峻祁连
    邮箱:junqilian@163.com
    出处:http://junqilian.cnblogs.com
    转载请保留此信息。
  • 相关阅读:
    Bullet 学习笔记之 btPersistentManifold 及 btManifoldPoint
    Bullet 学习笔记之 btCollisionWorld::performDiscreteCollisionDetection
    Bullet 学习笔记之 btCollisionWorld
    hdu 6617
    codeforces 1247 E
    GYM 101174 A
    GYM 100714 G
    codeforces 1239 C
    牛客挑战赛33D
    codeforces 1238 E
  • 原文地址:https://www.cnblogs.com/junqilian/p/1554936.html
Copyright © 2011-2022 走看看