Mercurial > hg > orthanc

diff Resources/Configuration.json @ 3506:d2b9981017c4

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
better handling of HTTP security
author Sebastien Jodogne <s.jodogne@gmail.com>
date Wed, 28 Aug 2019 15:19:04 +0200
parents 0d248cc63ded
children f07352e0375c
line wrap: on
line diff
--- a/Resources/Configuration.json	Wed Aug 28 12:21:23 2019 +0200
+++ b/Resources/Configuration.json	Wed Aug 28 15:19:04 2019 +0200
@@ -139,10 +139,7 @@
    * Security-related options for the HTTP server
    **/
 
-  // Whether remote hosts can connect to the HTTP server. For security
-  // reasons, starting with Orthanc 1.5.8, as soon as this option is
-  // set to "true", authentication is enabled, and you have to declare
-  // an user in "RegisteredUsers" to access the HTTP server.
+  // Whether remote hosts can connect to the HTTP server
   "RemoteAccessAllowed" : false,
 
   // Whether or not SSL is enabled
@@ -152,10 +149,14 @@
   // SSL is enabled)
   "SslCertificate" : "certificate.pem",
 
-  // Whether or not the password protection is enabled. Starting with
-  // Orthanc 1.5.8, password protection is automatically enabled as
-  // soon as "RemoteAccessAllowed" is set to "true".
-  "AuthenticationEnabled" : false,
+  // Whether or not the password protection is enabled (using HTTP
+  // basic access authentication). Starting with Orthanc 1.5.8, if
+  // "AuthenticationEnabled" is not explicitly set, authentication is
+  // enabled iff. remote access is allowed (i.e. the default value of
+  // "AuthenticationEnabled" equals that of "RemoteAccessAllowed").
+  /**
+     "AuthenticationEnabled" : false,
+   **/
 
   // The list of the registered users. Because Orthanc uses HTTP
   // Basic Authentication, the passwords are stored as plain text.