Competition/Ianseo Protection: Difference between revisions
No edit summary |
(Marked this version for translation) |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{Proofreading}} |
{{Proofreading}} |
||
<languages /> |
|||
<translate> |
|||
<!--T:1--> |
|||
Ianseo offer no protection against a server attack, especially because the web-server user must have write permission in order to perform updates. It is there fore not wise to set up a ianseo on a public server lacking system administration skills. |
Ianseo offer no protection against a server attack, especially because the web-server user must have write permission in order to perform updates. It is there fore not wise to set up a ianseo on a public server lacking system administration skills. |
||
{{Note|type=error|text=Ianseo can run on a public web server, but this means anybody having access to the server can tamper with data or even remove the competition}} |
{{Note|type=error|text=Ianseo can run on a public web server, but this means anybody having access to the server can tamper with data or even remove the competition}} |
||
| Line 6: | Line 9: | ||
Nontheless, ianseo offers two "anti-tampering" methods. |
Nontheless, ianseo offers two "anti-tampering" methods. |
||
== Block editing == |
== Block editing == <!--T:2--> |
||
<div class=nofloat> |
<div class=nofloat> |
||
[[File:Competition-Block-Editing.png|thumb|Competition Block Editing]] |
[[File:Competition-Block-Editing.png|thumb|Competition Block Editing]] |
||
| Line 12: | Line 15: | ||
</div> |
</div> |
||
== Network Access Policies == |
== Network Access Policies == <!--T:3--> |
||
<div class=nofloat> |
<div class=nofloat> |
||
[[File:Competition-Network-ACL.png|thumb|Network Access Policies]] |
[[File:Competition-Network-ACL.png|thumb|Network Access Policies]] |
||
This is the most complex feature in ianseo: be ready to shut yourself out of the competition! |
This is the most complex feature in ianseo: be ready to shut yourself out of the competition! |
||
<!--T:4--> |
|||
Of course ianseo on localhost is never blocked (it is a nonsense to shut out a user running ianseo on his own computer and accessing it locally). |
Of course ianseo on localhost is never blocked (it is a nonsense to shut out a user running ianseo on his own computer and accessing it locally). |
||
<!--T:5--> |
|||
Best results are obtained with the critical computers being with a fix IP (DHCP reservation on the router would be persistent through reboots or multiple competitions): results management, accreditation point, speakers, judges, etc. |
Best results are obtained with the critical computers being with a fix IP (DHCP reservation on the router would be persistent through reboots or multiple competitions): results management, accreditation point, speakers, judges, etc. |
||
<!--T:6--> |
|||
* '''Enable/Disable Access Policies''': once enabled, if your IP is not on the list you will be cut out of the connection and not able to manage anything anymore! '''Be sure to set your own IP in the list of authorized computers and click on the green checkbox on the left to set that IP to "can do everything"'''. |
* '''Enable/Disable Access Policies''': once enabled, if your IP is not on the list you will be cut out of the connection and not able to manage anything anymore! '''Be sure to set your own IP in the list of authorized computers and click on the green checkbox on the left to set that IP to "can do everything"'''. |
||
* '''Automatic Record IP Addresses''': this feature will automatically add in the list all the devices that connect to ianseo, with no permissions. This will speed up the process in retrieving and granting permissions to authorized people. |
* '''Automatic Record IP Addresses''': this feature will automatically add in the list all the devices that connect to ianseo, with no permissions. This will speed up the process in retrieving and granting permissions to authorized people. |
||
* '''Network Access Policies''': exports/imports network policies defined |
* '''Network Access Policies''': exports/imports network policies defined |
||
<!--T:7--> |
|||
''Green checkbox'' means write access, ''blue lens'' means read access, ''red no entry'' means no permissions for the specific section od Ianseo. |
''Green checkbox'' means write access, ''blue lens'' means read access, ''red no entry'' means no permissions for the specific section od Ianseo. |
||
<!--T:8--> |
|||
At the bottom one or more Regular Expression syntax can be used to grand all matching IPs the same permissions. |
At the bottom one or more Regular Expression syntax can be used to grand all matching IPs the same permissions. |
||
<!--T:9--> |
|||
{{Note|type=reminder|text=Remember that in case you did shut yourself out of the competition, a reset of the situation can be performed opening a shell on the server and asking the page located on '''<nowiki>http://localhost/?ACLReset=</nowiki>[Competition Code]'''}} |
{{Note|type=reminder|text=Remember that in case you did shut yourself out of the competition, a reset of the situation can be performed opening a shell on the server and asking the page located on '''<nowiki>http://localhost/?ACLReset=</nowiki>[Competition Code]'''}} |
||
</div> |
</div> |
||
<!--T:10--> |
|||
[[Category:Competition]] |
[[Category:Competition]] |
||
</translate> |
|||
Latest revision as of 13:08, 31 March 2025
Ianseo offer no protection against a server attack, especially because the web-server user must have write permission in order to perform updates. It is there fore not wise to set up a ianseo on a public server lacking system administration skills.
Ianseo can run on a public web server, but this means anybody having access to the server can tamper with data or even remove the competition
Nontheless, ianseo offers two "anti-tampering" methods.
Block editing
This is a very basic method: clicking on the links, sections of ianseo will be visible but cannot be modified unless the lock is released.
Network Access Policies
This is the most complex feature in ianseo: be ready to shut yourself out of the competition!
Of course ianseo on localhost is never blocked (it is a nonsense to shut out a user running ianseo on his own computer and accessing it locally).
Best results are obtained with the critical computers being with a fix IP (DHCP reservation on the router would be persistent through reboots or multiple competitions): results management, accreditation point, speakers, judges, etc.
- Enable/Disable Access Policies: once enabled, if your IP is not on the list you will be cut out of the connection and not able to manage anything anymore! Be sure to set your own IP in the list of authorized computers and click on the green checkbox on the left to set that IP to "can do everything".
- Automatic Record IP Addresses: this feature will automatically add in the list all the devices that connect to ianseo, with no permissions. This will speed up the process in retrieving and granting permissions to authorized people.
- Network Access Policies: exports/imports network policies defined
Green checkbox means write access, blue lens means read access, red no entry means no permissions for the specific section od Ianseo.
At the bottom one or more Regular Expression syntax can be used to grand all matching IPs the same permissions.
Remember that in case you did shut yourself out of the competition, a reset of the situation can be performed opening a shell on the server and asking the page located on http://localhost/?ACLReset=[Competition Code]