Hi,
I found a small issue but nothing really helpful in the code.
At logout from the portal I get redirected to /pages/logoff.php which is not really nice because of firewall rules.
If I give access to the portal from outside the network, the user will never see the logoff.php page because I restrict the access to /portal/.
The login is working well. If I call the portal/index.php directly I get the login page.
Where can I change the current behavior of iTop?
I set up a second instance accessing the same DB. Which files are really needed for the portal and which files can be deleted on the second instance?
There are a lot of documents in the CMDB and I want to prevent access to it by a bug or a mistake.
Hi, I found the page to change the logoff value:
Edit: application/portalwebpage.class.inc.php
Search for logoff.php and edit the path. Copy pages/logoff.php to portal/logoff.php and edit the file logoff.php, line 38:
change the path to portal/index.php.
Don't know why there is a check if($bPortal), because this check doesn't return that the user is coming from the portal and it still tries to redirect to pages/UI.php.
Hope this helps someone.
The main security problem still exists. I found out that it's not so easy to just delete some files :) Some files are linked in the config-itop.php and others are called within the classes.
It's not strictly split, so it will be a hard job to find out what can be deleted.
My solution is above:
Second instance without LDAP config and a different logoff.php.
Secure the path to the normal application via httpd.conf and allow access to /portal/index.php.
If someone else has another good idea… :)
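
An added illustration of the httpd.conf restriction described in the post above, not the poster's own configuration. It assumes Apache 2.4 and that the second instance is served from the site root; the fragment goes inside that instance's existing virtual host.

```apache
# Added example: deny-by-default for the externally reachable second instance.
# Assumption: Apache 2.4 (mod_authz_core), iTop at the site root of this vhost.

# 1. Default: nothing under this instance is reachable from outside.
#    This covers pages/UI.php, pages/logoff.php and the rest of the
#    normal application.
<Location "/">
    Require all denied
</Location>

# 2. Exception: the portal directory, which includes portal/index.php and
#    the copied portal/logoff.php. This block comes after the "/" block,
#    so for any URL under /portal/ it is merged last and its Require
#    replaces the deny above.
<Location "/portal/">
    Require all granted
</Location>

# 3. If portal pages load CSS, JavaScript or images from directories outside
#    /portal/, those requests get a 403 under rule 1. Look for the 403
#    entries in the access log after a test login and add one
#    <Location> block with "Require all granted" per static directory found.
#    Do not open directories that contain PHP entry points.
```

With this in place, a logout that still redirects to /pages/logoff.php shows up as a 403 in the access log, which confirms whether the path edit in portalwebpage.class.inc.php took effect.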