You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please implement user authentication, role based access and AD. Currently anyone hat hits the page can see every scan result. This is no bueno on rtos.
The text was updated successfully, but these errors were encountered:
On the Web interface, authentication has to be implemented by properly configuring the Web server.
In an AD or Kerberos environment for example, Apache can be configured to provide SSO.
The web server will set the REMOTE_USER environment variable, that Ivre is able to use to create per-user filters that the user cannot override. The corresponding configuration options are WEB_DEFAULT_INIT_QUERY and INIT_QUERIES.
For example, if you want that:
by default, a user cannot access any result,
the user admin@SUBNETWORK.NETWORK.AD can access results in the SubNetwork category,
users in @ADMIN.NETWORK.AD can access any results,
just write the following in /etc/ivre.conf:
Please implement user authentication, role based access and AD. Currently anyone hat hits the page can see every scan result. This is no bueno on rtos.
The text was updated successfully, but these errors were encountered: