Posted to users@tapestry.apache.org by James Sherwood <js...@rgisolutions.com> on 2009/02/11 00:31:02 UTC
Site security
Hello,
I was wondering what would be the best way to implement this security (sorry
if it is outside the scope of T5):
I am only going to allow a certain IP range to log into the site, however
some people need to use the site from laptops on the road.
What is the best way to accomplish this? I was thinking through the MAC
address of the machine maybe or something of that nature?
Thanks,
--James
RE: Site security
Posted by James Sherwood <js...@rgisolutions.com>.
Hello,
Thanks,
The admin side is a full user/role deal but they are being very strict on
security.
The public side is a separate app so I'm good, thanks for your help.
--James
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Site security
Posted by Christian Edward Gruber <ch...@gmail.com>.
Well, if you have your admin side as a separate application (on the
same app-server), then the solution I mentioned could work if the
front-end web-server is separate. In that case, you can link one (public)
server against the app context of the public app, and a separate
(internal) webserver against the context that should be inaccessible.
In neither case can anyone access the app-server directly.
But if you have a single web-server/app-server with both things
available, then you can't really prevent access by IP/MAC address
reliably. You should, rather, have a user/role system in place such
that only those users who are logged in and have role-based access to
the admin app can even see it, let alone use it.
Christian.
Christian Edward Gruber
christianedwardgruber@gmail.com
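
The split described in the message above, sketched as an added example that is not part of the original thread: two Apache httpd front ends in front of one servlet container. Apache httpd as the front end, the loopback connector on port 8080, the context paths /public and /admin, and every host name, address and certificate path below are assumptions chosen for illustration.

```apache
# ---- public-httpd.conf: front end reachable from the internet ----
# 203.0.113.10 is a constructed (documentation-range) public address.
Listen 203.0.113.10:443
<VirtualHost 203.0.113.10:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /path/to/public.crt
    SSLCertificateKeyFile /path/to/public.key

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off
    # Only the public context is mapped. No rule in this instance
    # routes to /admin, so the admin app has no URL on this side.
    ProxyPass        / http://127.0.0.1:8080/public/
    ProxyPassReverse / http://127.0.0.1:8080/public/
    ProxyPassReverseCookiePath /public /
</VirtualHost>

# ---- internal-httpd.conf: second httpd instance, VPN/LAN side ----
# 10.8.0.1 is a constructed address on the VPN-facing interface.
# Binding Listen to it keeps this instance off the public interface.
Listen 10.8.0.1:443
<VirtualHost 10.8.0.1:443>
    ServerName admin.internal.example
    SSLEngine on
    SSLCertificateFile    /path/to/admin.crt
    SSLCertificateKeyFile /path/to/admin.key

    ProxyRequests Off
    ProxyPass        / http://127.0.0.1:8080/admin/
    ProxyPassReverse / http://127.0.0.1:8080/admin/
    ProxyPassReverseCookiePath /admin /
</VirtualHost>

# App server side (assumption: Tomcat-style connector in server.xml):
#   <Connector port="8080" address="127.0.0.1" ... />
# Bound to loopback, the container is reachable only through the two
# front ends above, never directly from either network.
# The admin app keeps its own login and role check; the network split
# limits who can reach the login page, it does not replace it.
```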
RE: Site security
Posted by James Sherwood <js...@rgisolutions.com>.
Hello,
Thanks for the reply.
I have a public side (anyone is allowed to access) and an admin side (very
restricted), both on the same server. Will this still solve my issue if I
use 2 webservers or will I need 2 separate servers?
--James
Re: Site security
Posted by Christian Edward Gruber <ch...@gmail.com>.
The best way (and this is really not a T5 issue) is not to rely on MAC
or IP addresses, as these can be forged. You should set up a virtual
private network, and only allow those within that VPN to access the
site. The remote users log on to the VPN, and people inside your
network already have access, so no one from the internet in general
can even see the server.
Christian.
Christian Edward Gruber
christianedwardgruber@gmail.com