New post
Question
· Mar 24, 2017

Firefox V52

#Caché #CSP #ZEN

I have a 100% ZEN application combined with 100% ZENReports and am also using IFind which is part of the solution.

 Our application is a cloud hosted solution where we lease a server which does not have a website, only  Cache configured under IIS.  Connectivity to our site is premised on a URL string such as  u12345.usa-server.com/csp/namespace/Cache.cls

With the release of Firefox V52 this connection string is now seen as security threat as we have an application login page using  two <password> controls.  I spoke with the server provider who indicated I would need to obtain a domain website name and apply a security certificate to it to invoke https:// and eliminate this warning.   I also have another server where we do have a website where we redirect from an html landing page and then uses java script functions to bridge to cache namespaces but there are no credentials required. 

When I suggested this to the server support person, he indicated if I applied this approach the redirected page would be seen as security threat.  I am not sure that is correct as I haven't tried it,  and/or don't know if the web site https: certificate would apply to the cache and csp sites defined under IIS.

I am searching for a solution as I am taking a lot of backlash from my clients on this subject.  Any proven thoughts or actual knowledge in solving this are appreciated.

Jim Regan

Discussion (2)0
Log in or sign up to continue
Eduard Lebedyuk · Mar 24, 2017

1. https certificate would apply to the cache and csp sites defined under IIS.  It would apply  to everyrhing really.

2. Not sure about html landing page being a security threat. That depends on your setup. Do you embed http parts in your (future) https pages?

I'd recommend as a first step to install let's encrypt certificate - it's free and easy.

Then force http->https redirect on your iis server.

After that check how your html landing page behaves.

0 0
Jim Regan · Mar 24, 2017

I worked with ISC support on this today and we framed this out as a possible solution.

  • I need to obtain or relocate an existing website name to my cloud server which is hosting my cache databases
  • The company who handles our website DNS translations will need to point this website to that cache server
  • Once the website is in place, the available SSL certificate which is included with my server lease will be applied to that website
  • Under IIS, the Handler Mappings will be edited and/or added to accept .cls requests and map them to CSPms Handler
  • the url string will include the https://websitename/csp/namespace/cache.cls as an example or whatever the string works out to be.
  • No redirection should be involved.

Hopefully this works

0 0