[Vtigercrm-developers] Restrict access thru Webservices

Ranieri rslemer at gmail.com
Wed Sep 9 23:08:40 GMT 2015


But it's only at YetiForce, right?

2015-09-09 10:23 GMT-03:00 Błażej Pabiszczak <b.pabiszczak at yetiforce.com>:

>
>
> Generally, all mechanisms that allow external access should be disabled by
> default.
> We created this file:
> https://github.com/YetiForceCompany/YetiForceCRM/blob/stable/config/api.php ,
> there you can easily disable/enable services. Webservice enabled by
> default, together with available access keys for the users, is not a good
> practice [I'd even say that the permissions control is fictional, if it can
> be bypassed]. It's even worse with the mobile module in modules/Mobile.
> This module should be disabled by default [and eventually removed or
> written from scratch] because it's full of holes - it's enough to run a
> scanner, such as Acunetix, or perform an audit, to see how dangerous this
> module is.
> ---
> Regards
>
> *Błażej Pabiszczak*
> *Chief Executive Officer*
> M: +48.884999123
> E: b.pabiszczak at yetiforce.com
>
>
>
> On 2015-09-09 13:51, Ranieri wrote:
>
> You blocked only the file webservices.php? Is that enough?
>
> 2015-09-09 1:31 GMT-03:00 Preexo <preexo at googlemail.com>:
>
>> I use Apache's Allow from 123.123.123.13 for that.
>> http://httpd.apache.org/docs/2.2/howto/access.html
>>
>>
>>
>> --
>> View this message in context:
>> http://vtiger-crm.2324883.n4.nabble.com/Vtigercrm-developers-Restrict-access-thru-Webservices-tp17267p17274.html
>> Sent from the vtigercrm-developers mailing list archive at Nabble.com.
>> _______________________________________________
>> http://www.vtiger.com/
>
>