WebJaxe
WebJaxe
Introduction to WebJaxeInstallationUser guideAdministrator guideThe XPAGES language
Home pageSummaryPage for printing<-->

Securing WebJaxe

Authors: Damien Guillaume, Soufiane Ayadi

The information to access the database is stored in the site_config.xml file, located in the site_config folder. This folder is protected for the Apache web server with a .htaccess file if .htaccess files are enabled with the instruction AllowOverride in httpd.conf. This prevents reading site_config.xml directly from the web, while still letting WebJaxe use it.

This protection only works with the Apache web server. If you use another web server, such as IIS, you will need to protect the site_config folder in another way, for instance by editing its properties and forbidding reading. The way to do that is unfortunately different from one web server to another.

A .htaccess can also be added to the other folders in ordre to manage reading authorizations.

To avoid having to manage both Apache and WebJaxe users to control access, the lecture_fichier.php PHP script can be used with the Mod_rewrite Apache module. For instance, the following code can be placed in a .htaccess file in the contribXML and sites folders, to make sure that only authorized WebJaxe users can access the XML files and the websites created with WebJaxe :

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^(.*)$ ../php/partie_utilisateur/lecture_fichier.php?fichier=%{REQUEST_URI}
</IfModule>

This code redirects read requests for all files in the folder to the lecture_fichier.php script, which only returns the contents of the files for connected authorized WebJaxe users.

Aside from that, for a better protection of passwords on the network, it is recommended to use https to connect to WebJaxe.

Previous pageNext page