on 05-11-2010 1:02 PM
Hi All,
Today I done a trusted authentication setup. My question is only by sending user name and server name if we can make the system open, then anybody from network can access the system who knows your server name.
Is there anything that we can secure the system from outsiders?
Thanks,
Rajendra
which method of trusted auth are you using (http_header, remote user, other?)
1309780 - How To Protect Trusted Authentication explains that if you want to secure TA you would need to design your own 3rd party solution using technology such as SSL and IP restrictions to prevent impersonation.
The built in TA settings do have a time value that can be set in the CMC > Authentication > enterprise which is designed to prevent packet tampering only
Trusted authentication is designed for compatibility not security it is for customers that cannot or do not want to implement a more secure SSO such as AD/kerberos
Regards,
Tim
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You can have the ports on your Application Server open only to your local area network, and closed to the Internet through a set of Firewall rules.
It can also be secured in a fashion based on the type of authentication you are using and your settings in the CMC. For example, if you are using LDAP authentication and have it set to the "New user accounts will not be created", then if someone tries to log in with a username that does not already exist in BOE, then the logon will fail. Only users with an existing account will be able to use it.
Hopefully this helps.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
95 | |
11 | |
11 | |
10 | |
9 | |
8 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.