You are viewing limited content. For full access, please sign in.

Question

Question

Security of Workflow Web Services

Workflow
Updated January 29, 2015
asked on January 28, 2015

We have a Laserfiche v9.2 hosted SaaS server that also runs Workflow.  I have someone who wants to us BPM which requires workflow web services.  I am trying to figure out if that would be secure.  I know you have to select either SSL or normal http when configuring it, but I am unsure of what data is passed over that connection.  Obviously SSL would probably be a good idea, but I am not sure what effect that would have on the remote computer trying to run the BPM either.  I am not even sure it is even a good idea to have it enabled at all across the internet instead of intranet only.  Any thoughts?

0 0

Replies

replied on January 28, 2015

The Web Service uses Windows authentication by default. You can either use IIS to filter out IP addresses or you can use the web service's Config.XML to set up white and black lists of IPs. The config file is located at <install directory>\Web\Laserfiche.Workflow.Web\Config\Config.xml. You would need to add <Subnet></Subnet> tags to the section you want and inside them specify the addresses to allow or exclude. You can use CIDR notation to include or exclude a block of addresses.

For ex,

      <Allowed>
          <Subnet>192.168.100.0/24</Subnet>
      </Allowed>

would allow anything in the 192.168.100.0 to 192.168.100.255 range.

0 0
replied on January 28, 2015 Show version history

Hi Miruna,

I was wondering if I could pick your brains for an issue that is more IIS than Laserfiche...

When using a remote Linux client, how do I authenticate? I found this MS article that appears to answer my query but was wondering if you had any experience yourself or could recommend another guide.

Also, do you know how do disable authentication? It appears to be anonymous but I haven't got the right VMs to test.

-Ben

 

 

0 0
replied on January 29, 2015

I've never set up authentication from Linux to Windows.

Yes, if you set the authentication for the web service to anonymous, then that virtually disables authentication (that was the default for the web service in 9.0).

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...