Mercurial > hg > orthanc
comparison OrthancServer/main.cpp @ 3506:d2b9981017c4
better handling of HTTP security
| author | Sebastien Jodogne <s.jodogne@gmail.com> |
|---|---|
| date | Wed, 28 Aug 2019 15:19:04 +0200 |
| parents | 27b53c61aa99 |
| children | f07352e0375c |
comparison
equal
deleted
inserted
replaced
| 3505:b2d4dd16dae8 | 3506:d2b9981017c4 |
|---|---|
| 821 httpServer.SetRemoteAccessAllowed(lock.GetConfiguration().GetBooleanParameter("RemoteAccessAllowed", false)); | 821 httpServer.SetRemoteAccessAllowed(lock.GetConfiguration().GetBooleanParameter("RemoteAccessAllowed", false)); |
| 822 httpServer.SetKeepAliveEnabled(lock.GetConfiguration().GetBooleanParameter("KeepAlive", defaultKeepAlive)); | 822 httpServer.SetKeepAliveEnabled(lock.GetConfiguration().GetBooleanParameter("KeepAlive", defaultKeepAlive)); |
| 823 httpServer.SetHttpCompressionEnabled(lock.GetConfiguration().GetBooleanParameter("HttpCompressionEnabled", true)); | 823 httpServer.SetHttpCompressionEnabled(lock.GetConfiguration().GetBooleanParameter("HttpCompressionEnabled", true)); |
| 824 httpServer.SetTcpNoDelay(lock.GetConfiguration().GetBooleanParameter("TcpNoDelay", true)); | 824 httpServer.SetTcpNoDelay(lock.GetConfiguration().GetBooleanParameter("TcpNoDelay", true)); |
| 825 | 825 |
| 826 bool authenticationEnabled = lock.GetConfiguration().GetBooleanParameter("AuthenticationEnabled", false); | 826 bool authenticationEnabled; |
| 827 if (httpServer.IsRemoteAccessAllowed()) | 827 if (lock.GetConfiguration().LookupBooleanParameter(authenticationEnabled, "AuthenticationEnabled")) |
| 828 { | 828 { |
| 829 if (!authenticationEnabled) | 829 httpServer.SetAuthenticationEnabled(authenticationEnabled); |
| 830 | |
| 831 if (httpServer.IsRemoteAccessAllowed() && | |
| 832 !authenticationEnabled) | |
| 830 { | 833 { |
| 831 LOG(WARNING) << "Remote access is allowed, automatically turning on HTTP authentication for security"; | 834 LOG(WARNING) << "Remote access is enabled while user authentication is disabled, " |
| 835 << "make sure this does not affect the security of your setup"; | |
| 832 } | 836 } |
| 833 | 837 } |
| 834 // Starting with Orthanc 1.5.8, enabling remote access forces user authentication. | 838 else if (httpServer.IsRemoteAccessAllowed()) |
| 839 { | |
| 840 // Starting with Orthanc 1.5.8, it is impossible to enable | |
| 841 // remote access without having explicitly disabled user | |
| 842 // authentication. | |
| 843 LOG(WARNING) << "Remote access is allowed but \"AuthenticationEnabled\" is not in the configuration, " | |
| 844 << "automatically enabling HTTP authentication for security"; | |
| 835 httpServer.SetAuthenticationEnabled(true); | 845 httpServer.SetAuthenticationEnabled(true); |
| 836 } | 846 } |
| 837 else | 847 else |
| 838 { | 848 { |
| 839 httpServer.SetAuthenticationEnabled(authenticationEnabled); | 849 // If Orthanc only listens on the localhost, it is OK to have |
| 850 // "AuthenticationEnabled" disabled | |
| 851 httpServer.SetAuthenticationEnabled(false); | |
| 840 } | 852 } |
| 841 | 853 |
| 842 bool hasUsers = lock.GetConfiguration().SetupRegisteredUsers(httpServer); | 854 bool hasUsers = lock.GetConfiguration().SetupRegisteredUsers(httpServer); |
| 843 | 855 |
| 844 if (httpServer.IsAuthenticationEnabled() && | 856 if (httpServer.IsAuthenticationEnabled() && |