ID | Date | Icon | Author | Author Email | Category | OS | ELOG Version | Subject |
69408
|
Tue Nov 2 12:07:46 2021 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | elog-3.1.4-2 | Re: results of security scan | The elogd.c program itself is rather weak in SSL, since I just don't have time to catch up with the latest SSL enhancements. The safest you can do is to put an industry-strength web server like Apache in front of elogd and let that server handle the SSL layer.
Stefan
David Stops wrote: |
Recently central IT scanned our elog server and reported the following "vulnerabilities"
- 42873 (1) - SSL Medium Strength Cipher Suites Supported (SWEET32)
- 51192 (1) - SSL Certificate Cannot Be Trusted
- 65821 (1) - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
- 85582 (1) - Web Application Potentially Vulnerable to Clickjacking
Is there any easy way of preventing these?
Thanks and Best Wishes
David
|
|
69409
|
Thu Nov 4 13:48:00 2021 |
| David Stops | djs@star.sr.bham.ac.uk | Question | Linux | elog-3.1.4-2 | Re: results of security scan | Thanks, I'll try that and see what happens
David
Stefan Ritt wrote: |
The elogd.c program itself is rather weak in SSL, since I just don't have time to catch up with the latest SSL enhancements. The safest you can do is to put an industry-strength web server like Apache in front of elogd and let that server handle the SSL layer.
Stefan
David Stops wrote: |
Recently central IT scanned our elog server and reported the following "vulnerabilities"
- 42873 (1) - SSL Medium Strength Cipher Suites Supported (SWEET32)
- 51192 (1) - SSL Certificate Cannot Be Trusted
- 65821 (1) - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
- 85582 (1) - Web Application Potentially Vulnerable to Clickjacking
Is there any easy way of preventing these?
Thanks and Best Wishes
David
|
|
|
68176
|
Mon Nov 2 08:41:20 2015 |
| Andreas Luedeke | andreas.luedeke@psi.ch | Bug report | All | 3.1.1 | Re: restrict edit time and autosave | Hi Kester,
yes, I did run into the same problem, that I could not even delete old drafts due to our restrict edit time.
We allow anonymous submissions in our operation logbooks. After a while drafts of unsubmitted messages just pile up; and I need to remove them as administrator.
While I can do that easily for anonymous drafts, I cannot do that for drafts of other users: I don't easily see those drafts.
It would be really nice if drafts were handled differently than other entries regarding "Restrict edit time", as you've suggested.
Cheers, Andreas
Kester Habermann wrote: |
Hello,
When using restrict edit time together with autosave, there is the following problem: The counter for restrict edit time seems to start after the autosave. If the time is up, it is no longer possible to submit the report.
It is also not possible to edit old drafts if restrict edit has elapsed since the creation of the save.
Autosave is definitively a nice new feature. However, I think it would be better if the counter for restrict edit time only started after the "submit" of the report and allowed edits to drafts no matter how old they are. As it is one needs to either set a really high value for restrict edit time or turn off autosave.
The issue seems to be related to: https://midas.psi.ch/elogs/Forum/68103
Regards
Kester
|
|
69001
|
Thu Aug 15 13:34:23 2019 |
| Andreas Luedeke | andreas.luedeke@psi.ch | Request | Linux | 3.1.4 | Re: restrict edit time | Yes, I agree that cleaning up old Draft entries and correcting/deleting old entries is a job for the administrator. Currently I do what you've said: commenting out "restrict edit time", changing the entry, commenting in "restrict edit time".
There are already some commands specifically for the admin:
Admin textarea = <cols>,<rows>
Admin user = <user list>
It would make sense to add more of them, for this specific case:
- Admin restrict edit time = <hours>
If that is set to "-1", then the Admin can edit old entries regardless of their age. Actually there is no option to "unset" restrict edit time inherited from a global config: a negative time would make sense as "disabling" restrict edit time.
Another item for the endless wishlist ;-)
Cheers, Andreas
Sebastian Schenk wrote: |
Hello,
I have experienced some inconveniences with the restrict edit time option.
First, it is not possible for admin users to edit an entry after the edit time.
The restrict edit option allows admin users to edit posts from other users,
so I think admins should also be allowed to edit posts after edit time.
As they can edit the config and temporarily disable the restrict edit time option, which is an issue.
Secondly, if a user made a draft and did not submit it before the edit time runs out,
the draft got stuck as it cannot be edited (and submitted) any more.
Best wishes,
Sebastian
|
|
1851
|
Thu Jun 22 08:04:13 2006 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 2.6.1 | Re: restrict access | > -1- how can I restrict the access
> of a certain user such that he can only see certain logbooks.
This can be achieved with the "Login user = ..." option.
> But also not showing the other logbooks on the selection page.
You could try to use "top groups". This gives you "separate" groups of logbooks, so you could make a public tree
seen by everybody and private trees only seen by a few people. Please read the documentation for details.
> -2- How can I have a login page instead of the logbook selection page.
> When I insert the password statement the config, I get a blank page.
You get a login page instead of the selection page if the "Password file = " statement is in the [global] section
and "Protect selection page = 1". You might have to delete all cookies in your browser if you move the password
file statement between the [global] and the logbook sections, because otherwise the old cookies might prevent you
from logging out. |
1853
|
Thu Jun 22 11:29:17 2006 |
| Gerald Ebberink | g.h.p.ebberink@nclr.nl | Question | Linux | 2.6.1 | Re: restrict access | > > -1- how can I restrict the access
> > of a certain user such that he can only see certain logbooks.
>
> This can be achieved with the "Login user = ..." option.
That is what I found in the meantime. And it works like a charm.
>
> > But also not showing the other logbooks on the selection page.
>
> You could try to use "top groups". This gives you "separate" groups of logbooks, so you could make a public tree
> seen by everybody and private trees only seen by a few people. Please read the documentation for details.
I'm now using this (I had to redesign our tree for that)
> > -2- How can I have a login page instead of the logbook selection page.
> > When I insert the password statement the config, I get a blank page.
>
> You get a login page instead of the selection page if the "Password file = " statement is in the [global] section
> and "Protect selection page = 1". You might have to delete all cookies in your browser if you move the password
> file statement between the [global] and the logbook sections, because otherwise the old cookies might prevent you
> from logging out.
This is not working for me, in Mozilla Firefox I'm still getting a blank page, where IE is giving me an error
stating
that the page is unavailable |
1854
|
Thu Jun 22 11:38:38 2006 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 2.6.1 | Re: restrict access | > > You get a login page instead of the selection page if the "Password file = " statement is in the [global] section
> > and "Protect selection page = 1". You might have to delete all cookies in your browser if you move the password
> > file statement between the [global] and the logbook sections, because otherwise the old cookies might prevent you
> > from logging out.
>
> This is not working for me, in Mozilla Firefox I'm still getting a blank page, where IE is giving me an error
> stating that the page is unavailable
If I use following config file:
[global]
port = 8080
password file = passwd
protect selection page = 1
[demo1]
Attributes = Author, Type, Category, Subject
[demo2]
Attributes = Author, Type, Category, Subject
then I don't get a blank page. An unavailable page you should only get when you use top groups, and want to
access the root. |
1855
|
Thu Jun 22 12:10:00 2006 |
| Gerald Ebberink | g.h.p.ebberink@nclr.nl | Question | Linux | 2.6.1 | Re: restrict access | > > > You get a login page instead of the selection page if the "Password file = " statement is in the [global] section
> > > and "Protect selection page = 1". You might have to delete all cookies in your browser if you move the password
> > > file statement between the [global] and the logbook sections, because otherwise the old cookies might prevent you
> > > from logging out.
> >
> > This is not working for me, in Mozilla Firefox I'm still getting a blank page, where IE is giving me an error
> > stating that the page is unavailable
>
> If I use following config file:
>
>
> [global]
> port = 8080
> password file = passwd
> protect selection page = 1
>
> [demo1]
> Attributes = Author, Type, Category, Subject
>
> [demo2]
> Attributes = Author, Type, Category, Subject
>
>
> then I don't get a blank page. An unavailable page you should only get when you use top groups, and want to
> access the root.
I use the following file and do get this error (the company names and other sensitive information have been changed to
something similar but not so sensitive)
[global]
logbook tabs = 1
port = 80
Logbook dir = /srv/elog/logbooks/
URL = http://my.domain/
Protect selection page = 1
Password file = /srv/elog/passwords/main.passwd
Self register = 0
Admin user = Gerald
Group World = Procedures, Work
Group Work = Company, Company2
Group Company = twiddle
Group twiddle = Panels, Bond
[Procedures]
Theme = default
Comment = General Procedures for use with
Attributes = Author, Category, Subject
Options Category = Maintenance, Alignment
Required Attributes = Author, Category
Subdir = Some/dir
[Company2]
Theme = default
Comment = Company2 project Page
Attributes = Author, Category, Subject
Options Category = Scheduling, During Progress, During measuring, After
Required Attributes = Author
Subdir = some/dir
[Panels]
Theme = default
Attributes = Author, Category, Subject
Options Category = Scheduling, During Progress, During measuring, After
Required Attributes = Author
Subdir = Some/dir
Expand default = 2
Protect selection page = 1
[bond]
Theme = default
Attributes = Author, Category, Subject
Options Category = Scheduling, During Progress, During measuring, After
Required Attributes = Author
Subdir = some/dir |
|