comparison OrthancServer/main.cpp @ 3506:d2b9981017c4
better handling of HTTP security
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Wed, 28 Aug 2019 15:19:04 +0200 |
parents | 27b53c61aa99 |
children | f07352e0375c |
3505:b2d4dd16dae8 | 3506:d2b9981017c4 |
---|---|
821 httpServer.SetRemoteAccessAllowed(lock.GetConfiguration().GetBooleanParameter("RemoteAccessAllowed", false)); | 821 httpServer.SetRemoteAccessAllowed(lock.GetConfiguration().GetBooleanParameter("RemoteAccessAllowed", false)); |
822 httpServer.SetKeepAliveEnabled(lock.GetConfiguration().GetBooleanParameter("KeepAlive", defaultKeepAlive)); | 822 httpServer.SetKeepAliveEnabled(lock.GetConfiguration().GetBooleanParameter("KeepAlive", defaultKeepAlive)); |
823 httpServer.SetHttpCompressionEnabled(lock.GetConfiguration().GetBooleanParameter("HttpCompressionEnabled", true)); | 823 httpServer.SetHttpCompressionEnabled(lock.GetConfiguration().GetBooleanParameter("HttpCompressionEnabled", true)); |
824 httpServer.SetTcpNoDelay(lock.GetConfiguration().GetBooleanParameter("TcpNoDelay", true)); | 824 httpServer.SetTcpNoDelay(lock.GetConfiguration().GetBooleanParameter("TcpNoDelay", true)); |
825 | 825 |
826 bool authenticationEnabled = lock.GetConfiguration().GetBooleanParameter("AuthenticationEnabled", false); | 826 bool authenticationEnabled; |
827 if (httpServer.IsRemoteAccessAllowed()) | 827 if (lock.GetConfiguration().LookupBooleanParameter(authenticationEnabled, "AuthenticationEnabled")) |
828 { | 828 { |
829 if (!authenticationEnabled) | 829 httpServer.SetAuthenticationEnabled(authenticationEnabled); |
830 | |
831 if (httpServer.IsRemoteAccessAllowed() && | |
832 !authenticationEnabled) | |
830 { | 833 { |
831 LOG(WARNING) << "Remote access is allowed, automatically turning on HTTP authentication for security"; | 834 LOG(WARNING) << "Remote access is enabled while user authentication is disabled, " |
835 << "make sure this does not affect the security of your setup"; | |
832 } | 836 } |
833 | 837 } |
834 // Starting with Orthanc 1.5.8, enabling remote access forces user authentication. | 838 else if (httpServer.IsRemoteAccessAllowed()) |
839 { | |
840 // Starting with Orthanc 1.5.8, it is impossible to enable | |
841 // remote access without having explicitly disabled user | |
842 // authentication. | |
843 LOG(WARNING) << "Remote access is allowed but \"AuthenticationEnabled\" is not in the configuration, " | |
844 << "automatically enabling HTTP authentication for security"; | |
835 httpServer.SetAuthenticationEnabled(true); | 845 httpServer.SetAuthenticationEnabled(true); |
836 } | 846 } |
837 else | 847 else |
838 { | 848 { |
839 httpServer.SetAuthenticationEnabled(authenticationEnabled); | 849 // If Orthanc only listens on the localhost, it is OK to have |
850 // "AuthenticationEnabled" disabled | |
851 httpServer.SetAuthenticationEnabled(false); | |
840 } | 852 } |
841 | 853 |
842 bool hasUsers = lock.GetConfiguration().SetupRegisteredUsers(httpServer); | 854 bool hasUsers = lock.GetConfiguration().SetupRegisteredUsers(httpServer); |
843 | 855 |
844 if (httpServer.IsAuthenticationEnabled() && | 856 if (httpServer.IsAuthenticationEnabled() && |
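Review bot: The warning at new lines 834–835, logged when remote access is allowed and "AuthenticationEnabled" is explicitly false, names neither option, unlike the message at new line 843, so an operator reading the log cannot tell which two settings left the HTTP server open to unauthenticated remote requests. I would name both keys, e.g. `LOG(WARNING) << "\"RemoteAccessAllowed\" is true while \"AuthenticationEnabled\" is false: the HTTP server accepts unauthenticated remote requests";`. The comment at new lines 840–842 reads as if remote access required authentication to be disabled; `// Since Orthanc 1.5.8, remote access without authentication requires "AuthenticationEnabled" to be explicitly set to false` states the rule the code implements. The comment at new lines 849–850 treats localhost-only access as safe, which presumably does not hold when a reverse proxy on the same host forwards external requests, so a sentence saying that belongs there. The enclosing function and the `if` at new line 856 continue outside the visible lines.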