Friday, 28 February 2014

RedDot 11.x new security settings


The new security settings implemented by OpenText in the 11.x version of RedDot are causing problems for a few people. Unless your RedDot servers are public-facing (probably not in most cases), you can safely disable the cross-site scripting and session-checking code.

Why would I want to do that?

Because they can prevent various plugins and extensions from working properly.

How?

Edit \OpenText\WS\MS\Web\Navigation\web.config
Comment out or remove the line:
<add name="HttpSessionModule" type="OpenText.WS.MS.Interop.Security.HttpSessionModule,OpenText.WS.MS.Server.Ui"/>

Edit \OpenText\WS\MS\ASP\web.config
Comment out or remove the following:
<add name="AntiCsrfModule" type="OpenText.WS.MS.Core.Security.Csrf.AntiCsrfModule,OpenText.WS.MS.Core, Version=11.0.1.0, Culture=neutral, PublicKeyToken=9763136D9E6661AD"/>

N.B. You will have to reapply these changes after an upgrade or re-install.
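
Because an upgrade or re-install puts the modules back, it helps to confirm which state each one is in before and after the edit. The following is an added example, not part of the original post or of OpenText's code: it parses a web.config and reports whether the module is enabled, commented out or absent. The sample files are constructed, and the elements wrapped around the two <add> lines are an assumption.

```python
import xml.etree.ElementTree as ET

# File -> module pairs, taken from the two edits described in the post.
TARGETS = {
    r"\OpenText\WS\MS\Web\Navigation\web.config": "HttpSessionModule",
    r"\OpenText\WS\MS\ASP\web.config": "AntiCsrfModule",
}

# Constructed sample files; the elements wrapped around the <add> lines are
# an assumption, only the <add> lines themselves come from the post.
SAMPLES = {
    r"\OpenText\WS\MS\Web\Navigation\web.config": """<configuration><modules>
  <!-- <add name="HttpSessionModule" type="OpenText.WS.MS.Interop.Security.HttpSessionModule,OpenText.WS.MS.Server.Ui"/> -->
</modules></configuration>""",
    r"\OpenText\WS\MS\ASP\web.config": """<configuration><modules>
  <add name="AntiCsrfModule" type="OpenText.WS.MS.Core.Security.Csrf.AntiCsrfModule,OpenText.WS.MS.Core, Version=11.0.1.0, Culture=neutral, PublicKeyToken=9763136D9E6661AD"/>
</modules></configuration>""",
}


def module_state(config_xml, name):
    """Return 'enabled', 'commented out' or 'absent' for one module."""
    # insert_comments=True keeps <!-- ... --> nodes in the tree (Python 3.8+),
    # so a commented-out line can be told apart from a deleted one.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(config_xml, parser=parser)
    commented = False
    for node in root.iter():
        if node.tag is ET.Comment:
            if f'name="{name}"' in (node.text or ""):
                commented = True
        elif node.tag == "add" and node.get("name") == name:
            return "enabled"  # a live <add> wins over any stale comment
    return "commented out" if commented else "absent"


def audit(configs):
    """Return {path: state} for the module the post edits in each file."""
    return {path: module_state(configs[path], module)
            for path, module in TARGETS.items()}


if __name__ == "__main__":
    for path, state in audit(SAMPLES).items():
        print(f"{TARGETS[path]:<18} {state:<14} {path}")
```

To check a real installation, pass the contents of each file read in binary mode instead of the constructed samples.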
