|
Home > Archive > Netware Webserver > August 2005 > NSearch seems to be providing wide-open access to files - no security
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
NSearch seems to be providing wide-open access to files - no security
|
|
| Warren Frush 2005-08-23, 2:45 am |
| I'm new at the NSearch setup, so I've probably done something wrong.
If I access the web page being hosted by a customers server, I get a
default welcoming page advertising the various Netware products. No
logon yet. If I click on the link for NSearch, I get a page that
talkes about how usefull search pages are. I can then fill in the
search form, search, and get a list of documents. Still no logon. The
top left icon says it's user PUBLIC.
This is less security than we'd like. What are some of the obvioius
dumb things I could have done to have this so wide open?
Warren
| |
| Anders Gustafsson 2005-08-23, 2:45 am |
| Warren Frush,
> This is less security than we'd like. What are some of the obvioius
> dumb things I could have done to have this so wide open?
You need to enable authentication in NSearch. Mind you, NSearch will
only sow links to files so you still need to have Apache sere them up.
- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)
Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement
Using VA 5.51 build 315 on Windows 2000 build 2195
| |
| Warren Frush 2005-08-23, 5:45 pm |
| I thought I had security turned on.
When using the Netware Web Search Manager at
https://[ip address]:2200/NSearch/AdminServlet
and click on the Security link on the left-side navigation bar, I
have chosen the "Check Authorization by Directory"
It lets a non-authenticated user view the search page results with no
authentication challenge...
On Tue, 23 Aug 2005 06:13:39 GMT, Anders Gustafsson
<dalton@nomail.to.me> wrote:
>Warren Frush,
>
>You need to enable authentication in NSearch. Mind you, NSearch will
>only sow links to files so you still need to have Apache sere them up.
>
>- Anders Gustafsson, Engineer, CNE6, ASE
> NSC Volunteer Sysop
> Pedago, The Aaland Islands (N60 E20)
>
>Novell does not monitor these forums officially.
>Enhancement requests for all Novell products may be made at
>http://support.novell.com/enhancement
>
>Using VA 5.51 build 315 on Windows 2000 build 2195
| |
| Anders Gustafsson 2005-08-24, 2:45 am |
| Warren Frush,
> I thought I had security turned on.
> When using the Netware Web Search Manager at
> https://[ip address]:2200/NSearch/AdminServlet
> and click on the Security link on the left-side navigation bar, I
> have chosen the "Check Authorization by Directory"
OK. That is just the first part. You need to specify per index as well
(unless you change the default). Edit your index, look under
"Rights-based Search Results". It works perfectly for me. Ie when off,
Public see all hits. With "by Result Item (Each result item is checked
for read access)" Public do not see any hits. You need to regenerate
the index ater the change.
- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)
Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement
Using VA 5.51 build 315 on Windows 2000 build 2195
|
|
|
|
|