SiteStudio Online Documentation


New Scheme of SiteStudio User Authentication

(SiteStudio 1.7.1b52 and up)

 

H-Sphere 3.1 Beta 1 introduces a new scheme of communication between SiteStudio and H-Sphere that helps to isolate H-Sphere from any possible SiteStudio security issues in the future.

Created a separate Postgres user 'studio'
The H-Sphere Updater changes the 'wwwuser' password for the H-Sphere DB and creates the 'studio' user, which no longer has access to the H-Sphere DB.
Ownership of all SiteStudio databases (pool, guestbook, counter) is changed to the 'studio' Postgres user.

Created a separate Tomcat for SiteStudio running under the 'studio' system user
SiteStudio therefore runs under a separate user with limited permissions. Users communicate with SiteStudio through the Control Panel Apache, but the SiteStudio context is redirected to the SiteStudio Tomcat, which listens on port 8010. If the CP server and the SiteStudio server are installed on separate servers, port 8010 should be open on your firewall between them. If both are installed on the same server, port 8010 should be open only for localhost.
Note: In order to stop Tomcat, port 8006 should be open for localhost on your firewall.
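
The firewall requirements above can be written as packet-filter rules. The following is an added example, not part of the SiteStudio or H-Sphere distribution: a shell function that prints an iptables-restore fragment for either layout. The INPUT chain, the function name and the CP server address argument are assumptions, and dropping all other traffic to ports 8010 and 8006 is an added hardening choice that follows from "open only for localhost".

```shell
#!/bin/sh
# Added example: emit iptables rules (iptables-restore syntax) for the
# SiteStudio Tomcat ports named on this page. The INPUT chain and the
# CP server address are assumptions about the host being configured.

STUDIO_PORT=8010     # SiteStudio Tomcat connector (from the page)
SHUTDOWN_PORT=8006   # port used to stop Tomcat, localhost only (from the page)

# Usage: studio_fw_rules same
#        studio_fw_rules separate <cp_server_ipv4>
studio_fw_rules() {
    mode=$1
    cp_ip=${2:-}
    case $mode in
        same) ;;
        separate)
            # Rough IPv4 check: refuse empty input or anything but digits and dots
            case $cp_ip in
                ''|*[!0-9.]*) echo "separate mode needs the CP server IPv4 address" >&2
                              return 2 ;;
            esac ;;
        *) echo "usage: studio_fw_rules same|separate [cp_ip]" >&2; return 2 ;;
    esac

    echo "*filter"
    # Loopback reaches both ports: the CP Apache when it shares the host,
    # and the local command that stops Tomcat.
    echo "-A INPUT -i lo -p tcp -m multiport --dports $STUDIO_PORT,$SHUTDOWN_PORT -j ACCEPT"
    if [ "$mode" = separate ]; then
        # Only the CP server may reach the SiteStudio connector remotely
        echo "-A INPUT -s $cp_ip/32 -p tcp --dport $STUDIO_PORT -j ACCEPT"
    fi
    # Assumption (hardening): every other source is dropped on both ports
    echo "-A INPUT -p tcp -m multiport --dports $STUDIO_PORT,$SHUTDOWN_PORT -j DROP"
    echo "COMMIT"
}

# Print rules when the script is run with arguments, e.g. ./studio-fw.sh same
if [ $# -gt 0 ]; then studio_fw_rules "$@"; fi
```

Review the output before loading it, for example with iptables-restore --noflush so that existing rules are kept.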

Developed a new communication mechanism over HTTP between SiteStudio and H-Sphere
User validation is performed using a unique encrypted key that H-Sphere sends to SiteStudio; SiteStudio then checks this key back with H-Sphere over HTTP.

Changed the scheme for logging in to SiteStudio outside H-Sphere
A user now logs in to H-Sphere, and H-Sphere automatically redirects the authorized user to SiteStudio. To provide this, the skeleton files 'index.html' and 'login.html' were changed, so newly created users will be able to log in to SiteStudio from their own site.







Copyright 1998-2008. Positive Software Corporation.
All rights reserved.