Hi,
At the moment anybody seems to have access to RavenDB studio. Is there a way of restricting the access either to Admins or at least localhost ?
Thanks
Pawel
Hi Pawel,
RavenDB is on port 10930 - the easiest thing to do is to add a Windows Firewall rule to block external access to that port.
Paul
From: Pawel Pabich
Sent: 30/08/2012 04:44
To: Paul Stovell
Subject: Access to RavenDB studio does not seem to be secured [Problems #610]
Hi,
This sounds like a good enough workaround, but would it be possible to implement an option that is safe by default? Something like SQL Server: the server listens on a port, but to do anything you need to be authenticated. Windows Authentication would be the best, at least in my particular scenario.
Hi Pawel,
The embedded instance does already require Windows authentication - what version of Octopus are you using?
Paul
The latest version.
I think I was not precise enough. What I was thinking about was authorization. So RavenDB database is not accessible to everybody who has an AD account. In the same way Octopus works. By default you are a regular user and you don’t have access to the configuration section and can’t create projects.
For the time being I’ve added this to the Octopus Server config.
I could not get Raven to accept NetworkService so I configured Octopus Portal to run under Local System.
I asked on RavenDB group if there is a way of limiting access to local Admins and NetworkService.
Thanks
Pawel
Trying to add my config settings. Now with a back tick
```xml
<add key="Raven/Authorization/Windows/RequiredGroups" value=".\Administrators"/>
<add key="Raven/AnonymousAccess" value="None"/>
```
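A check for the two settings quoted above, as an added example that is not from the posters, Octopus or RavenDB. It assumes the settings live in `<add key=... value=.../>` elements as shown in the thread; the function name and both sample configs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: anonymous reads left on and no group restriction
# (not taken from a real Octopus install).
SAMPLE_WEAK = r"""<configuration>
  <appSettings>
    <add key="Raven/AnonymousAccess" value="Get"/>
  </appSettings>
</configuration>"""

# Constructed sample carrying the two settings quoted in the thread.
SAMPLE_HARDENED = r"""<configuration>
  <appSettings>
    <add key="Raven/Authorization/Windows/RequiredGroups" value=".\Administrators"/>
    <add key="Raven/AnonymousAccess" value="None"/>
  </appSettings>
</configuration>"""

ANON_KEY = "raven/anonymousaccess"
GROUPS_KEY = "raven/authorization/windows/requiredgroups"


def audit_raven_settings(config_xml):
    """Return a list of findings; an empty list means both settings are locked down."""
    root = ET.fromstring(config_xml)
    settings = {}
    for add in root.iter("add"):
        key = add.get("key")
        if key:
            # Keys are compared case-insensitively; in this dict a later
            # duplicate replaces an earlier one.
            settings[key.lower()] = (add.get("value") or "").strip()

    findings = []
    anon = settings.get(ANON_KEY)
    if anon is None:
        findings.append("Raven/AnonymousAccess is not set; the server default applies")
    elif anon.lower() != "none":
        findings.append("Raven/AnonymousAccess is '%s'; some unauthenticated requests are allowed" % anon)
    if not settings.get(GROUPS_KEY):
        findings.append("Raven/Authorization/Windows/RequiredGroups is empty; "
                        "any authenticated Windows account is accepted")
    return findings
```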
Hey Pawel,
Yeah, this is the reason I hadn’t set any expected groups/users out of the box (and just assumed people wouldn’t open that port - I’ll add a note to the install guide). Though now that I think about it, perhaps during install I could create a specially named local group, and add Network Service + Administrators to that by default.
Paul
Just tried it and Windows does not support nested local groups :(. http://support.microsoft.com/kb/974815
Let’s see if the RavenDB guys can find a solution.
For reference, here is the question on the RavenDB user group: https://groups.google.com/forum/?fromgroups#!topic/ravendb/Aluv9YYRcTQ