Goto: Documentation Home

A GDS server implements security in order to protect the underlying data. This security can be applied at several levels in order to protect reports, or parts of the GNAP protocol itself.

Protecting Individual Pages

Single Web Pages can be protected using the <fieldpine:auth> tag in the HTML source code. When this tag is encountered the render engine verifies that the security requirement listed is true before continuing to render the HTML document.

<fieldpine:auth type="NTLM">

Enabling Security Options on Domains

By default, domains are only enabled to use BASIC auth. When a security authorization is required, GDS sends a HTTP unauth response, listing "basic" as the acceptable response. You can control the security authorization techniques on a domain by domain basis.

Each domain to be protected has a line added into globaldata.ctl control file, listing the security options for that domain.

hostopt:www.fieldpine.com=auth=NTLM,BASIC

The following auth types are currently defined:

• NTLM. Enable the use of NTLM. This option should generally only be enabled in Intranet domains, not Internet connected domains.

• BASIC. Enable the use of BASIC authentication. This method is trivial for an attacker to break and should not be used for important protection. It is suitable to stop casual access where inadvertent display may not be of concern.

• DEBUG. This option allows security to be bypassed temporarily. When a web page or bucket has security, then security credentials MUST be supplied. If a domain is started with DEBUG, then all requests are automatically granted. This effectively disables security controls, so this option should not be used on production systems.

Enabling NTLM, Step by Step instructions

The following checklist/example illustrates how NTLM security can be placed on a single web page, so that only Active Directory logged in and identified users can access the page. This example is intended as a guide and may not show all the steps required for every configuration.

1. Edit globaldata.ctl and insert the following line (inserting the domain name as required)
   

   hostopt:www.mydomain.com=auth=NTLM
   

2. Restart GDS in order to detect the security change above.

3. Edit the HTML document and insert the following tag on a line by itself, near the top of the HTML source document.
   

   <fieldpine:auth type="NTLM">
   

4. Attempt to browse the web page (using Microsoft Internet Explorer or other browser that supports NTLM), if you are logged in via Active Directory, access should be granted, otherwise your request should be denied or display a login dialog.