neha_gupta Absent Member.
Absent Member.
1121 views

SSPR Config Editor Editable

Hi,

We are facing issue in SSPR ConfigEditor Configuration to be made Open/Close.

- The 'configIsEditable' is set to False in /SSPRConfiguration.xml file
- Tomcat is restarted
- SSPR Administration page is showing the block with content 'Open Configuration'

If I click on Configuration Editor, I am able to make changes and save them. Rather I am expecting it should be in ReadOnly Mode once I have set ConfigIsEditable to FALSE.

Version Details : SSPR v3.3.1.6 b179 r38919

Please suggest. Thanks!
0 Likes
3 Replies
Knowledge Partner
Knowledge Partner

Re: SSPR Config Editor Editable

I do not recall seeing that back with the 3.3 version, but it may be worth
trying out 4.0.0.2 now that it is out. Also, can you duplicate this, or
is this a single-system thing?

Usually when I'm done editing a config I also lock down the file in the
filesystem, just in case, with something like the following:


chmod -w /path/to/SSPRConfiguration.xml


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
tschloesser Outstanding Contributor.
Outstanding Contributor.

Re: SSPR Config Editor Editable

ab;2444466 wrote:
I do not recall seeing that back with the 3.3 version, but it may be worth
trying out 4.0.0.2 now that it is out. Also, can you duplicate this, or
is this a single-system thing?

Usually when I'm done editing a config I also lock down the file in the
filesystem, just in case, with something like the following:


chmod -w /path/to/SSPRConfiguration.xml



Do you think this is still needed? Starting with SSPR 4 - beside other files - the SSPRconfiguration.xml is stored in a "application directory" outside of tomcat (i.e. /home/novlua/sspr-data). To the whole directory only the novlua user should have any access.
0 Likes
Knowledge Partner
Knowledge Partner

Re: SSPR Config Editor Editable

On 11/22/2016 12:26 AM, tschloesser wrote:
>
> ab;2444466 Wrote:
>>>

> Code:
> --------------------
> > >

> > chmod -w /path/to/SSPRConfiguration.xml
> >

> --------------------
>>>

>>

>
> Do you think this is still needed? Starting with SSPR 4 - beside other
> files - the SSPRconfiguration.xml is stored in a "application directory"
> outside of tomcat (i.e. /home/novlua/sspr-data). To the whole directory
> only the novlua user should have any access.


Is that the case with the non-appliance too? I guess I need to look
more-closely, but I'd still do this since I do not trust computers; one
exploit in Apache Tomcat could let somebody modify the file without some
control from the OS. I've also seen plenty of cases where an "admin" put
the file out there and set permissions to 777 because it just works, and
they've done that for years with everything, and as a result a file that
should be 400 gets left at 777; at least with the command above, it moves
down to 555 so there is something preventing that same admin (or anybody
else on the system) from trivially modifying the file in unexpected ways.

Defense in Depth: I love it.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.