SGD 4.4 - Logging in, did something change?

Do you ever get that spooky feeling when you visit a place you've been before, but something is slightly different, and you can't put your finger on what has changed?
That's a bit like the login procedure for SGD 4.4.

In versions leading up to SGD 4.4, simply hitting the http://servername/sgd URL delivered the SGD client to you in the form of a Java archive. This happened before you had logged in.
Now with 4.4, you have to log in successfully before you get the client.

If any of you have web applications that talk to SGD using its web services, this subtle change may mean you have to switch around a couple of calls, but this is covered on the SGD wiki.

Comments:

Speaking of logging in, is there any way to restrict access to the /sgdadmin site to internal IPs?

Normally, I would have put a reverse proxy in front of it and denied access using that, but SGD does not like reverse proxies.

Also, we only wanted to permit RSA SecurID cards for login, but that prevents the admin user from logging into the admin console (somebody thought that the two should use the same authentication stack. Why, I don't know.)

As it stands right now, anybody who figures out the admin password can log in to the sgdadmin console from anywhere in the world. Not exactly a good security model.

I tried posting to the forum, but nobody responded. I have a feeling I know why :-)

Posted by John on December 11, 2007 at 07:24 AM GMT #

John,
An answer to your first question is in the latest blog entry http://blogs.sun.com/fatbloke/entry/sgd_4_4_protecting_the

-FB

Posted by Fat Bloke on December 12, 2007 at 10:06 AM GMT #
