Infrastructure Map Server General Discussion

Reply
*Tom
Message 1 of 2 (263 Views)

MGE2010 and security

263 Views, 1 Replies
08-25-2009 04:49 PM
Hello,

As I bring my MGE2010 site closer to online, I have a question regarding the
/mapagent/index.html section and how to best lock it down. I can
see where it's a handly tool for diagnostics and such but the Server Admin
section is downright scary!

Bringing up that section allows the execution of several tasks that include
Taking the server on/offline. All the Server Admin functions call a
'serveradminhelper.(.php/.aspx/.jsp) file in it's respective mapviewerxxx
folder depending on your installation. The fun begins with the embeded
function: $cred->SetMgUsernamePassword("Administrator","admin"); (out of the
php version)

Now then, why would I want the admin UID/pw embeded in cleartext in a
function on a webserver where there appears to be NO discussion on security
in the docs anywere?!?!?!?

Also, a standard tenet of security is to rename/disable the admin account/pw
so this tool will fail until the correct credentials are corrected in
cleartext because the file is statically copied in during install and has no
method to dynamically update which is probably a REAL good thing.

How difficult would it be to at least bring up a UID/pw entry box where
action by a user is required?

How many other security holes are there that could affect our ability to
provide services to clients?

Please advise

Tom
Active Contributor
soudemans
Posts: 26
Registered: ‎09-10-2009
Message 2 of 2 (229 Views)

Re: MGE2010 and security

10-12-2010 10:56 AM in reply to: *Tom

Tom,

 

Good question.  I too am looking into security issues.  Did you ever get an answer?

You are not logged in.

Log into access your profile, ask and answer questions, share ideas and more. Haven't signed up yet? Register

Announcements
Are you familiar with the Autodesk Expert Elites? The Expert Elite program is made up of customers that help other customers by sharing knowledge and exemplifying an engaging style of collaboration. To learn more, please visit our Expert Elite website.

Need installation help?

Start with some of our most frequented solutions to get help installing your software.

Ask the Community