810DCA211B8D4B2AB05C1F0F03802918
  • Internet
  • 03.05.2018
  • EN

RustyLogic blog: RedDot 11.x new security settings

written by John Allen, 28. February 2014
 

The new security setting implemented by OpenText in the 11.x version of RedDot are causing problems for a few people. Unless your RedDot servers are public facing (probably not in most cases) you can safely disable the cross site scripting and session checking code.
 

Why would I want to do that?

Because they can prevent various plugins and extensions from working properly.
 

How?

Edit \OpenText\WS\MS\Web\Navigation\web.config and comment out or remove the line:

<add name="HttpSessionModule" type="OpenText.WS.MS.Interop.Security.HttpSessionModule,OpenText.WS.MS.Server.Ui"/>

Edit \OpenText\WS\MS\ASP\web.config and comment out or remove the following:

<add name="AntiCsrfModule" type="OpenText.WS.MS.Core.Security.Csrf.AntiCsrfModule,OpenText.WS.MS.Core, Version=11.0.1.0, Culture=neutral, PublicKeyToken=9763136D9E6661AD"/>

Source: RedDot 11.x new security settings

© copyright 2014 by John Allen