<link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=6404421965050424285&amp;zx=a66227d8-d36d-4fb2-ad7e-d7c3e7edf8b3' rel='stylesheet'/>

Friday, 28 February 2014

RedDot 11.x new security settings


The new security setting implemented by OpenText in the 11.x version of RedDot are causing problems for a few people. Unless your RedDot servers are public facing (probably not in most cases) you can safely disable the cross site scripting and session checking code.

Why would I want to do that?

Because they can prevent various plugins and extensions from working properly.

How?

Edit \OpenText\WS\MS\Web\Navigation\web.config
Comment out or remove the line:
<add name="HttpSessionModule" type="OpenText.WS.MS.Interop.Security.HttpSessionModule,OpenText.WS.MS.Server.Ui"/>

Edit \OpenText\WS\MS\ASP\web.config
Comment out or remove the following:
<add name="AntiCsrfModule" type="OpenText.WS.MS.Core.Security.Csrf.AntiCsrfModule,OpenText.WS.MS.Core, Version=11.0.1.0, Culture=neutral, PublicKeyToken=9763136D9E6661AD"/>

N.B. You will have to reapply these changes after an upgrade or re-install.
Posted by John Allen at 04:14
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)