[mapguide-users] RE: MG Security question
Bruce Dechant
bruce.dechant at autodesk.com
Wed Aug 26 17:58:08 EDT 2009
Tom,
I don't know of any document describing the security of MGOS.
In regards to your concern over serveradminhelper it is hard coded to use the default administrator user name and password - so credentials are still required just no dialog. If you plan on using MGOS or any other system that uses logon credentials it is always recommended that you change the default administrator credentials. However, I do think that the serveradminhelper pages need to be updated so that credentials are asked in a dialog instead of being hard coded.
Thanks,
Bruce
From: mapguide-users-bounces at lists.osgeo.org [mailto:mapguide-users-bounces at lists.osgeo.org] On Behalf Of Homan, Thomas
Sent: Wednesday, August 26, 2009 11:23 AM
To: mapguide-users at lists.osgeo.org
Subject: [mapguide-users] MG Security question
Hello,
Does there happen to be a doc/wiki relating to security on MGOS?
I'm hoping to find something that details the obvious security holes like where the 'serveradminhelper.(php/aspx/jsp) is called from mapagent/index.html ---> Server Admin and allows someone to take the MG server offline without having to enter any credentials. By default install that tidbit is exposed to the public for their entertainment.
I'd like to know any of the other suprises that I don't yet know about as well.
Thanks in advance
Tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.osgeo.org/pipermail/mapguide-users/attachments/20090826/39e756ee/attachment.html
More information about the mapguide-users
mailing list