> The instructions for securing elogd using an SSL proxy are incomplete.
> http://midas.psi.ch/elog/adminguide.html#secure
> http://midas.psi.ch/elogs/contributions/11
>
> If you follow these instructions, elogd will still listen for and accept non-SSL connections on its own TCP port, bypassing the SSL proxy.
>
> (True, the elogd TCP port number is somewhat secret, so there is some security-by-obscurity here).
>
> To secure the elogd TCP port against connections that bypass the SSL proxy, elogd has to be started
> with the "-n localhost" command line option.
>
> To add this option, one has to edit /etc/init.d/elogd. I do not know if this change will be lost when the elog rpm package is updated.
>
> It would be better if this option could have been specified through elogd.conf.
>
> The "-n" command line option is not documented here
> http://midas.psi.ch/elog/adminguide.html#config
> but is visible if you run "elogd -h".
>
> P.S. Even with "-n localhost", users of the local machine can bypass the SSL proxy.
>
> K.O.
I added the option "interface" to the config file. So you could do
[global]
...
interface = localhost
It was not there originally since most people who care about security use a firewall. The firewall (either locally or on another machine) opens only port 443 for the secure connection and
not the non-secure one (typically 80 or 8080). This way this has not been an issue in the past. As you guessed correctly, the -n option would be overwritten by an rpm package update, so
that's why I added the "interface" option. |
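An added check (not part of ELOG or the posts above) for the binding discussed here: it parses the [global] section of an elogd config the way the thread shows it and reports whether the listener is restricted to loopback. The config samples are constructed; the only keys taken from the thread are "interface" and "port", and the assumptions that keys are case-insensitive, that ';' starts a comment, that a missing "interface" means all interfaces, and that the default port is 80 are mine.

```python
"""Report the listener exposure of an elogd config (added example, not ELOG's code)."""

# Constructed sample: port set, but no 'interface' restriction, so the
# non-SSL port is reachable from the network unless a firewall blocks it.
SAMPLE_OPEN_CFG = """\
[global]
port = 8080
SMTP host = localhost
Self register = 0

[MYLOGBOOK]
Theme = default
"""

# Constructed sample with the 'interface' option from the reply above.
SAMPLE_LOOPBACK_CFG = """\
[global]
port = 8080
interface = localhost
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def parse_elog_cfg(text):
    """Parse the INI-like elogd config into {section_lower: {key_lower: value}}.
    Assumptions: keys are case-insensitive, ';' or '#' starts a comment."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is not None and "=" in line:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def listener_exposure(text, default_port=80):
    """Return (port, interface, loopback_only) for the [global] section.
    A missing 'interface' is taken to mean 'bind to all interfaces' (assumption);
    default_port=80 is an assumed default, not a value from the thread."""
    g = parse_elog_cfg(text).get("global", {})
    port = int(g.get("port", default_port))
    iface = g.get("interface")
    loopback_only = iface is not None and iface.lower() in LOOPBACK
    return port, iface, loopback_only


if __name__ == "__main__":
    for name, cfg in (("open", SAMPLE_OPEN_CFG), ("loopback", SAMPLE_LOOPBACK_CFG)):
        port, iface, ok = listener_exposure(cfg)
        print(f"{name}: port={port} interface={iface!r} loopback_only={ok}")
```

As the original post notes, loopback binding only stops remote bypass of the proxy; users on the same machine can still reach the plain port, so the firewall rule on 443 remains the complementary control.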
The instructions for securing elogd using an SSL proxy are incomplete.
http://midas.psi.ch/elog/adminguide.html#secure
http://midas.psi.ch/elogs/contributions/11
If you follow these instructions, elogd will still listen for and accept non-SSL connections on its own TCP port, bypassing the SSL proxy.
(True, the elogd TCP port number is somewhat secret, so there is some security-by-obscurity here).
To secure the elogd TCP port against connections that bypass the SSL proxy, elogd has to be started
with the "-n localhost" command line option.
To add this option, one has to edit /etc/init.d/elogd. I do not know if this change will be lost when the elog rpm package is updated.
It would be better if this option could have been specified through elogd.conf.
The "-n" command line option is not documented here
http://midas.psi.ch/elog/adminguide.html#config
but is visible if you run "elogd -h".
P.S. Even with "-n localhost", users of the local machine can bypass the SSL proxy.
K.O. |
Hi Stefan, thank you very much for having a look at this :-)
Here is the config file we use. Seems okay to me, but I may be overlooking something.
[global]
port = 8080
SMTP host = localhost
Self register= 0
Display Email recipients = 0
Use Email Subject = [ELOG - $logbook]
Date format = %a %d-%b-%Y %H:%M
Default encoding = 1
Allowed encoding = 1
[MYLOGBOOK]
Theme = default
Comment = My logbook
Password file = passw_mylogbook.pwd
Admin user = admin,user1,user2,user3
Self register= 3
Menu commands = List, New, Edit, Reply, Duplicate, Find, Config, Logout, Help
Attributes = Author, Type, Category, Subject, ServerNaam
Preset Author = $long_name
Options Type = Opt01, Opt02, Opt03, Opt04, Opt05
Options Category = Cat01, Cat02, Cat03, Cat04, Cat05, Cat06, Cat07
MOptions ServerNaam = Server01
Preset ServerNaam = Server01
Required Attributes = Author, Type, ServerNaam
Page Title = ELOG - $subject
Reverse sort = 1
Quick filter = Date, Type, ServerNaam |
> After entering a new user and activating it in ELOG, the new user receives an email.
> The link does not work because the port number is repeated in the link (see below).
> In the Global part of the elogd.ini we have added the port:
> port = 8080
>
> Maybe I am overlooking something, any suggestions are very much appreciated!
>
> Thanks!
> Ron
>
> - - - - - -
>
> Email Subject: Your ELOG account has been activated
>
> Email Body:
>
> Your ELOG account has been activated on host eloghost:8080.
>
> You can access it at http://eloghost:8080:8080/logbookname/?unm=newuser.
>
> To subscribe to any logbook, click on 'Config' in that logbook.
I just tried myself and got:
Your ELOG account has been activated on host localhost:8080.
You can access it at http://localhost:8080/Demo/?unm=midas.
To subscribe to any logbook, click on 'Config' in that logbook.
I used the following config:
[global]
Port = 8080
Password file = passwd
SMTP host = xxx
Self register = 3
Admin user = stefan
[Demo]
Attributes = Type, Subject, Author
So something in your config file must be different. Can you find out what it is?
/Stefan |
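The symptom Ron reports, modelled and checked in an added example: this is not elogd's code, and how elogd actually builds the activation link is not shown in this thread, so the naive builder is an assumed model of how a host value that already carries ":8080" plus a separate port setting ends up as "eloghost:8080:8080". The fixed builder appends the port only when the host has none, and the check function flags a doubled port in a link before it goes out.

```python
"""Model, detect and avoid a doubled port in an activation URL (added example)."""
from urllib.parse import urlsplit


def naive_activation_url(host, port, logbook, user):
    """Assumed buggy shape: appends the port even if 'host' already carries one."""
    return f"http://{host}:{port}/{logbook}/?unm={user}"


def activation_url(host, port, logbook, user):
    """Append the port only when 'host' has none, and omit it for the http default 80.
    'host' is a hostname or bracketed IPv6 literal, optionally followed by ':port'."""
    _, sep, tail = host.rpartition(":")
    if sep and tail.isdigit():      # 'eloghost:8080' already has a port
        authority = host
    elif int(port) == 80:           # scheme default, no need to spell it out
        authority = host
    else:
        authority = f"{host}:{port}"
    return f"http://{authority}/{logbook}/?unm={user}"


def has_doubled_port(url):
    """True if the authority part carries more than one ':port' suffix,
    e.g. 'eloghost:8080:8080'. A bracketed IPv6 host is stripped first so its
    own colons do not count."""
    netloc = urlsplit(url).netloc
    if "]" in netloc:
        netloc = netloc.rsplit("]", 1)[1]
    return netloc.count(":") > 1


if __name__ == "__main__":
    # Constructed values mirroring the email in the question above.
    bad = naive_activation_url("eloghost:8080", 8080, "logbookname", "newuser")
    good = activation_url("eloghost:8080", 8080, "logbookname", "newuser")
    print(bad, has_doubled_port(bad))
    print(good, has_doubled_port(good))
```

Stefan's working config produces "http://localhost:8080/Demo/?unm=midas" with a single port, which is the output the fixed builder gives for a bare host name and port 8080.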