Scriptico

Securing WebORB Console

WebORB Management Console is a flex application to manage the installed instance of WebORB. There is a number of available features in the console, and describing them is out of the article scope. I would like to say that the unsecured and available through the internet WebORB console may be a gap in the system security. So, how you can secure the console? Easily!

Step 1. Setup credentials

All credentials are stored in the /weborb.config file (.NET version) and /webapp/WEB-INF/classes/weborb-acl.xml (Java version). Credentials contain username, password, and role values. By default, WebORB has few credentials and one of them is the following:

username:admin
password:changeme
role:administrator

Obviously, you have to change it before moving on to the next step. Just open the file and find a node with the name “acl”. For instance, changed credentials may look like it is shown below:

<acl>
<user>
<name>george</name>
<password>83*uej_23</password>
<role>administrator</role>
</user>
</acl>

Be secure and use an elusive password!

Step 2. Open the console

As you can see it on the screenshot I opened it on the localhost:

Step 3

Go to the SERVICES tab, expand the .NET Assemblies right tree, expand the weborb.dll node and go to the WebORB -> Management. Select the Management node, and you will see exactly the same picture with the following screenshot:

Step 4

Grand an access to your big boss, specified in the file (step 1). Select the Security Tab in the center window, then in the permission editor click select the Role Restriction type, then select your role name (in my case the name is “administrator”), and select the Grand radio box. Click on the add box. Please make sure that your .NET account has the Write access to the weborb config file in case with .NET.

Step 5

Now, you have to deny the access of everybody else to your console. Select the Single IP restriction type, the IP Mask fields will be filled by default with * mark; otherwise, specify the * mark for each box. Select the Deny access radio box, and click the Add button. The final result is shown below.

Well, we are done! Let’s just check it locally and from a remote computer. Now, your console is secured and you can sleep well! Feel free to punch me if you have any questions.

Btw, Midnight Coders’ guys have a complete description how to secure the console here; however, the console face was changed since the 3.6 version, and I just wrote a small update.

Category: WebORB (.NET)

Tagged:

Leave a Reply

ERROR: si-captcha.php plugin: GD image support not detected in PHP!

Contact your web host and ask them to enable GD image support for PHP.

ERROR: si-captcha.php plugin: imagepng function not detected in PHP!

Contact your web host and ask them to enable imagepng for PHP.