Seaside Security

Seaside Security

Hans N Beck-2
Hi dear Seaside gurus :-),

one thing I never really understand using Seaside:

  by default, there is this control bar at the bottom "configure
toggle halos new session etc".  How can I make sure that only a
special logged-in user can see this bar? I have read about and played
with WAAuthConfiguration, but it could neither make the bar disappear
nor did I get any log-in window (or could see if I am maybe already
logged in).

How to do this?

If I manage users and groups in Pier, are these the same as for
WAAuthConfiguration or are these user managements completely divided?


Thanks for help :-)

Hans
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

Re: Seaside Security

Michel Bany
Hi Hans,

What about registering your root component twice, under different  
urls, for example:

(WACounter registerAsApplication: 'c1')
        preferenceAt: #deploymentMode put: true.

(WACounter registerAsAuthenticatedApplication: 'c2')
        preferenceAt: #login put: 'user';
        preferenceAt: #password put: 'pass';
        preferenceAt: #deploymentMode put: false.

HTH
Michel.


On Jul 23, 2008, at 6:46 AM, Hans N Beck wrote:

> Hi dear Seaside gurus :-),
>
> one thing I never really understand using Seaside:
>
>  by default, there is this control bar at the bottom "configure
> toggle halos new session etc".  How can I make sure that only a
> special logged-in user can see this bar? I have read about and
> played with WAAuthConfiguration, but it could neither make the bar
> disappear nor did I get any log-in window (or could see if I am
> maybe already logged in).
>
> How to do this?
>
> If I manage users and groups in Pier, are these the same as for
> WAAuthConfiguration or are these user managements completely divided?
>
>
> Thanks for help :-)
>
> Hans

Re: Seaside Security

Lukas Renggli
The toolbar is not really meant for anything else than development. I
would disable it for any productive application.

Lukas

On 7/23/08, Michel Bany <[hidden email]> wrote:

> Hi Hans,
>
>  What about registering your root component twice, under different urls, for
> example:
>
>  (WACounter registerAsApplication: 'c1')
>         preferenceAt: #deploymentMode put: true.
>
>  (WACounter registerAsAuthenticatedApplication: 'c2')
>         preferenceAt: #login put: 'user';
>         preferenceAt: #password put: 'pass';
>         preferenceAt: #deploymentMode put: false.
>
>  HTH
>  Michel.


--
Lukas Renggli
http://www.lukas-renggli.ch

Re: Seaside Security

Hans N Beck-2
Hi,

thank you for help.

Ok, setting up deployment mode makes the tool bar disappear, great.
Removing all applications not needed for delivery (as pointed out in
some tutorial) is clear.

But how do I prevent someone from accessing .../seaside/config? The
only way seems to be removing the config application. But that is bad,
because perhaps I want to configure something later and not in code....

And the other, related thing is this: according to tutorials, if
one sets up WAAuthConfiguration as an ancestor in the configuration of
an application, then the log-in dialog should come up if one tries to
access .../seaside/<myapplication>. But this doesn't happen for me.
Perhaps there is a little detail I overlook....

(I use the Web Image from Damien Cassou).

Thanks

Hans

On 23.07.2008 at 11:14, Lukas Renggli wrote:

> The toolbar is not really meant for anything else than development. I
> would disable it for any productive application.
>
> Lukas

Re: Seaside Security

Francisco A. Lizarralde

On Wed, 23-07-2008 at 21:34 +0200, Hans N Beck wrote:
>
> But how do I prevent someone from accessing .../seaside/config?

If you set a new password, only you can change the config settings.

Best regards,

Francisco

Re: Seaside Security

Lukas Renggli
In reply to this post by Hans N Beck-2
>  But how do I prevent someone from accessing .../seaside/config? The only
> way seems to be removing the config application. But that is bad, because
> perhaps I want to configure something later and not in code....

Again the story with Apache.

The Squeak image serves all applications on port 8080, which is hidden
behind the firewall. This means from outside the server I cannot
access port 8080.

Then there is Apache that proxies requests to www.myapp.com to
localhost:8080/seaside/myapp.

When I want to access the config application I go to the server (or
use a tunnel) to access localhost:8080/seaside/config.

>  And the other, related thing is this: according to tutorials, if one sets
> up WAAuthConfiguration as an ancestor in the configuration of an
> application, then the log-in dialog should come up if one tries to access
> .../seaside/<myapplication>. But this doesn't happen for me. Perhaps there
> is a little detail I overlook....

Did you set the username and password in the config application?

It could also be that your web browser caches the authentication
somehow. So you only need to enter it once.

Cheers,
Lukas

--
Lukas Renggli
http://www.lukas-renggli.ch
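
The layout described in this reply, sketched as an Apache 2.4 virtual host. This is an added example, not part of the original post and not Seaside's own configuration; it assumes mod_proxy, mod_proxy_http and mod_alias are loaded, reuses the host name and paths from the message, and the SSH user and host are placeholders.

```apache
# Added example (constructed). Assumes Apache 2.4 with mod_proxy,
# mod_proxy_http and mod_alias loaded, and the Squeak image listening
# on port 8080 with that port blocked from outside by the firewall.
<VirtualHost *:80>
    ServerName www.myapp.com

    # Act as a reverse proxy only, never as an open forward proxy.
    ProxyRequests Off

    # Send visitors of the bare host name to the application.
    RedirectMatch ^/$ /seaside/myapp

    # Forward only the application path to the image.
    ProxyPass        /seaside/myapp http://localhost:8080/seaside/myapp
    ProxyPassReverse /seaside/myapp http://localhost:8080/seaside/myapp

    # /seaside/config has no ProxyPass rule, so Apache never forwards it.
    # The explicit deny keeps it closed if a broader rule is added later.
    <Location /seaside/config>
        Require all denied
    </Location>
</VirtualHost>

# Administration stays on the server side of the firewall, for example
# through an SSH tunnel (user and host are placeholders):
#   ssh -L 8080:localhost:8080 admin@server.example
# then browse to http://localhost:8080/seaside/config on the workstation.
```

A request to port 8080 from outside the firewall should be refused or time out; if it is answered, the config application is reachable without passing through Apache at all.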

Re: Seaside Security

Hans N Beck-2
Hi,

>
>
> The Squeak image serves all applications on port 8080, which is hidden
> behind the firewall. This means from outside the server I cannot
> access port 8080.
>
> Then there is Apache that proxies requests to www.myapp.com to
> localhost:8080/seaside/myapp.
>
> When I want to access the config application I go to the server (or
> use a tunnel) to access localhost:8080/seaside/config.

ok, clear, thanks for explanation :-)

>
>
>> And the other, related thing is this: according to tutorials, if
>> one sets
>> up WAAuthConfiguration as an ancestor in the configuration of an
>> application, then the log-in dialog should come up if one tries to
>> access
>> .../seaside/<myapplication>. But this doesn't happen for me.
>> Perhaps there
>> is a little detail I overlook....
>
> Did you set the username and password in the config application?
>
> It could also be that your web browser caches the authentication
> somehow. So you only need to enter it once.

yeah, in Firefox, if deleting "private data", it works, Safari doesn't  
work even if triggering "Empty Cache". Anyway, it's clear now.

Thanks for help!

Hans
