GDS Web Page Security
Goto: Documentation Home
A GDS server implements security in order to protect the underlying data. This security can be applied at several
levels in order to protect reports, or parts of the GNAP protocol itself.
Protecting Individual Pages
Single Web Pages can be protected using the <fieldpine:auth> tag in the HTML source code. When this tag is
encountered the render engine verifies that the security requirement listed is true before continuing to render
the HTML document.
Enabling Security Options on Domains
By default, domains are only enabled to use BASIC auth. When a security authorization is required, GDS sends a
HTTP unauth response, listing "basic" as the acceptable response. You can control the security authorization techniques on
a domain by domain basis.
Each domain to be protected has a line added into globaldata.ctl control file, listing the security options
for that domain.
The following auth types are currently defined:
- NTLM. Enable the use of NTLM. This option should generally only be enabled in Intranet domains, not
Internet connected domains.
- BASIC. Enable the use of BASIC authentication. This method is trivial for an attacker to break and should not be
used for important protection. It is suitable to stop casual access where inadvertent display may not be of concern.
- DEBUG. This option allows security to be bypassed temporarily. When a web page or bucket has security, then
security credentials MUST be supplied. If a domain is started with DEBUG, then all requests are automatically granted. This effectively disables
security controls, so this option should not be used on production systems.
Enabling NTLM, Step by Step instructions
The following checklist/example illustrates how NTLM security can be placed on a single web page, so that
only Active Directory logged in and identified users can access the page. This example is intended as a guide
and may not show all the steps required for every configuration.
- Edit globaldata.ctl and insert the following line (inserting the domain name as required)
- Restart GDS in order to detect the security change above.
- Edit the HTML document and insert the following tag on a line by itself, near the top of the HTML source
- Attempt to browse the web page (using Microsoft Internet Explorer or other browser that supports NTLM), if you are logged in via Active Directory, access should be granted, otherwise
your request should be denied or display a login dialog.