Author Topic: Secure default webserver  (Read 4306 times)

dvand

  • Jr. Member
  • **
  • Posts: 41
    • View Profile
Secure default webserver
« on: December 05, 2010, 09:24:11 am »
Any ideas / techniques for securing the web interface?

I expect that IIS may have some way to do so but i wasn't successful in getting it to work.

John Hughes

  • Administrator
  • Hero Member
  • *****
  • Posts: 2852
    • View Profile
    • Codecore Technologies
Re: Secure default webserver
« Reply #1 on: December 05, 2010, 12:19:01 pm »
The web interface included with Elve is a very simple sample interface designed to work with most devices. Using J9SP (in IIS or in the built in web server) also allows you to add custom types of security but if you don't want to do any scripting then I would use IIS.

If you want to use SSL or authentication mechanisms built into the browser then you would want to use IIS. Review the Configuring IIS for J9SP document to host Elve via IIS. Then you can use one of the many security mechanisms in IIS. For example the simplest would probably be to turn on basic authentication to the web site and and set the file appropriate file permissions on the web site files.
John Hughes
Codecore Technologies

DaveB

  • Sr. Member
  • ****
  • Posts: 260
    • View Profile
Re: Secure default webserver
« Reply #2 on: December 07, 2010, 06:15:35 pm »
John;  Just a side note;  You could not have made it much more confusing.  I know it is due to time and changes, but you really need to streamline the web side of the product and seriously limit the options and choices. 
Thanks!
Dave

John Hughes

  • Administrator
  • Hero Member
  • *****
  • Posts: 2852
    • View Profile
    • Codecore Technologies
Re: Secure default webserver
« Reply #3 on: December 07, 2010, 09:52:41 pm »
Right, the web interface and web side of thing have not received much attention because there really just isn't much demand for it. We are planning a Silverlight viewer so that you can view your touch screens within a web browser which will likely cause even less demand for web server/web site changes.

The gist is that the built-in web server is a web server which works out of the box... no configuration is necessary. The included web site is very basic and takes the lowest common denominator approach so it works on any browser including non-smartphone browsers.

Using Microsoft IIS to host the web site is ideal and recommended when exposing the web site to non-secure networks such as the internet. However the process of setting this up is currently a manual process and requires some experience with IIS. The 'Configuring IIS for J9SP' documents how to do this.

The priority for web browser related support will be Silverlight support, and then if there is enough demand for it we will revisit the web site and IIS integration.
John Hughes
Codecore Technologies