azist / azos

A to Z Sky Operating System / Microservice Chassis Framework
MIT License

WEBCONSOLE -- Add ASCON wave Handler for remote admin via web bypassing WebMan #341

Closed erxdkh closed 3 years ago

itadapter commented 4 years ago

WIP (image) @sergey-msu And once again the battle goes on...

itadapter commented 4 years ago

Since the service is used within the enterprise without SSL, passing an Authorization header in plain text is not a secure option. The remote terminal WebConsole controller needs to be equipped with the Digest authentication method to prevent hijack/replay attacks on the token.

itadapter commented 4 years ago

The best solution is still to use HTTPS, and to limit the allowed traffic ONLY to that from NetScaler (which has a known IP), which mandates HTTPS (even on the internal network). The limit can be set using a filter or a separate/dedicated listener.

For now, you may just avoid using the root-level token over insecure http:// as a practice, although the right way to do this is to stop all traffic to the WebConsole endpoint except from select NetScaler-specific addresses.
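The source-address restriction recommended in the comment above, as an added example that is not Azos code and not from the thread: a Go HTTP middleware that admits requests to the WebConsole path only when the TCP peer address is in an allowlist of NetScaler addresses, plus a dedicated listener bound to one internal address. The addresses (`10.0.5.10`, `10.0.5.11`, `10.0.5.2:8080`), the `/webconsole/` path and all function names are assumptions made for this example. The decision is taken on `r.RemoteAddr`, the real TCP peer, and never on `X-Forwarded-For`, because that header is attacker-controlled for anyone who can reach the endpoint directly; it is exactly the bypass the filter is meant to close.

```go
package main

import (
	"fmt"
	"log"
	"net"
	"net/http"
)

// allowedSources is an assumed allowlist of NetScaler addresses (constructed for this example).
// /32 entries pin single hosts; a wider prefix would admit a whole segment, which is rarely wanted here.
var allowedSources = mustParseCIDRs("10.0.5.10/32", "10.0.5.11/32")

// mustParseCIDRs turns textual prefixes into net.IPNet values, failing fast on a typo
// so that a bad allowlist cannot silently degrade into "allow nothing" or "allow anything".
func mustParseCIDRs(cidrs ...string) []*net.IPNet {
	nets := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			log.Fatalf("bad allowlist entry %q: %v", c, err)
		}
		nets = append(nets, n)
	}
	return nets
}

// peerIP extracts the IP from an "ip:port" (or "[ipv6]:port") RemoteAddr string.
// It deliberately reads only the transport-level peer, not any forwarding header.
func peerIP(remoteAddr string) net.IP {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr // tolerate a bare address with no port
	}
	return net.ParseIP(host)
}

// sourceAllowed reports whether the TCP peer behind remoteAddr is inside one of the allowed prefixes.
// Unparseable addresses are rejected (fail closed).
func sourceAllowed(remoteAddr string, allowed []*net.IPNet) bool {
	ip := peerIP(remoteAddr)
	if ip == nil {
		return false
	}
	for _, n := range allowed {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// RestrictSource wraps next so that only requests whose TCP peer is in allowed reach it.
// Everything else gets 403 before any authentication token is even looked at.
func RestrictSource(allowed []*net.IPNet, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !sourceAllowed(r.RemoteAddr, allowed) {
			log.Printf("webconsole: rejected request from %s (X-Forwarded-For=%q ignored)",
				r.RemoteAddr, r.Header.Get("X-Forwarded-For"))
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Stand-in for the remote admin handler; the real one would be the WebConsole controller.
	console := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "webconsole ok")
	})
	mux := http.NewServeMux()
	mux.Handle("/webconsole/", RestrictSource(allowedSources, console))

	// Dedicated listener: bind to one assumed internal interface address rather than 0.0.0.0,
	// so the endpoint is not exposed on every interface the host has.
	log.Fatal(http.ListenAndServe("10.0.5.2:8080", mux))
}
```

With this in place the plaintext-token concern from the earlier comment is narrowed rather than solved: the only path to the endpoint is through NetScaler, which terminates HTTPS, so a client-side sniffer no longer sees the header; the NetScaler-to-service hop still carries it in the clear unless that hop is also TLS.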

sergey-msu commented 4 years ago

the end is near ;)

zhabis commented 3 years ago

Deployed to prod