Hi there,

Here's a bit of a special scenario. There's no server-side check the user is logged in upon posting, but it rather seems the server relies on the post data sent from the form.

An example of this can be triggered on a write restricted elog, by hitting on New and logging out in another tab. Then posting, from the first tab, will post as if the user was logged on. Hitting back and posting again also works.

Cheers

 Please add my vote for this on the wishlist.

> The instructions for securing elogd using an SSL proxy are incomplete.
> http://midas.psi.ch/elog/adminguide.html#secure
> http://midas.psi.ch/elogs/contributions/11
> 
> If you follow these instructions, elogd will still listen for and accept non-SSL connections on it's own TCP port bypassing the SSL proxy.
> 
> (True, the elogd TCP port number is somewhat secret, so there is some security-by-obscurity here).
> 
> To secure the elogd TCP port against connections that bypass the SSL proxy, elogd has to be started
> with the "-n localhost" command line options.
> 
> To add this option, one has to edit /etc/init.d/elogd. I do not know if this change will be lost when the elog rpm package is updated.
> 
> It would be better if this option could have been specified through elogd.conf.
> 
> The "-n" command line option is not documented here
> http://midas.psi.ch/elog/adminguide.html#config
> but is visible if you run "elogd -h".
> 
> P.S. Even with "-n localhost", users of the local machine can bypass the SSL proxy.
> 
> K.O.

I added the option "interface" to the config file. So you could do

[global]
...
interface = localhost


It was not there originally since most people who care about security use a firewall. The firewall (either locally or one another machine), opens only port 443 for the secure connection and 
not the non-secure one (typically 80 or 8080). This way this has not been an issue in the past. As you guessed correctly the -n option would be overwritten by an rpm package update, so 
that's why I added the "interface" option.

This is a good idea, but not implemented. I will put this on the wishlist.

/Stefan 

Hi,

Is it possbile to compare dates in E-log?

And based on that calculation have conditonal formats on certain attributes.

We have a need to monitor a date attribute named "Preferred finished date" on records placed in E-log.

And if SYSDATE is greater than the "Preferred finished date" we want to mark certain attibutes with a color.

Regards
/UlfO

The instructions for securing elogd using an SSL proxy are incomplete.
http://midas.psi.ch/elog/adminguide.html#secure
http://midas.psi.ch/elogs/contributions/11

If you follow these instructions, elogd will still listen for and accept non-SSL connections on it's own TCP port bypassing the SSL proxy.

(True, the elogd TCP port number is somewhat secret, so there is some security-by-obscurity here).

To secure the elogd TCP port against connections that bypass the SSL proxy, elogd has to be started
with the "-n localhost" command line options.

To add this option, one has to edit /etc/init.d/elogd. I do not know if this change will be lost when the elog rpm package is updated.

It would be better if this option could have been specified through elogd.conf.

The "-n" command line option is not documented here
http://midas.psi.ch/elog/adminguide.html#config
but is visible if you run "elogd -h".

P.S. Even with "-n localhost", users of the local machine can bypass the SSL proxy.

K.O.

Hi Stefan, thank you very much for having a look at this :-)



Here is the config file we use. Seems okay to me, but I may be overlooking something.





[global]

port = 8080

SMTP host = localhost

Self register= 0

Display Email recipients = 0

Use Email Subject = [ELOG - $logbook]

Date format = %a %d-%b-%Y %H:%M

Default encoding = 1

Allowed encoding = 1



[MYLOGBOOK]

Theme = default

Comment = My logbook

Password file = passw_mylogbook.pwd

Admin user = admin,user1,user2,user3

Self register= 3

Menu commands = List, New, Edit, Reply, Duplicate, Find, Config, Logout, Help

Attributes = Author, Type, Category, Subject, ServerNaam

Preset Author = $long_name

Options Type = Opt01, Opt02, Opt03, Opt04, Opt05

Options Category = Cat01, Cat02, Cat03, Cat04, Cat05, Cat06, Cat07

MOptions ServerNaam = Server01

Preset ServerNaam = Server01

Required Attributes = Author, Type, ServerNaam

Page Title = ELOG - $subject

Reverse sort = 1

Quick filter = Date, Type, ServerNaam

> After entering a new user and activating it in ELOG, the new user receives an email.
> The link does not work because the port number is repeated in the link (see below)
> In the Global part of the elogd.ini we have added the port:
> port = 8080
> 
> Maybe I am overlooking something, any suggestions are very much appreciated!
> 
> Thanks!
> Ron
> 
> - - - - - -
> 
> Email Subject: Your ELOG account has been activated
> 
> Email Body:
> 
> Your ELOG account has been activated on host eloghost:8080.
> 
> You can access it at http://eloghost:8080:8080/logbookname/?unm=newuser.
> 
> To subscribe to any logbook, click on 'Config' in that logbook.

I just tried myself and got:



Your ELOG account has been activated on host localhost:8080.

You can access it at http://localhost:8080/Demo/?unm=midas.

To subscribe to any logbook, click on 'Config' in that logbook.



I used following config:

[global]
Port = 8080
Password file = passwd
SMTP host = xxx
Self register = 3
Admin user = stefan
 
[Demo]
Attributes = Type, Subject, Author


So something in your config file must be different. Can you find out what it is?

/Stefan