
Galaxy Reports Webapp Login


Galaxy Reports Webapp Login

Timo Janßen
Hi,

is it possible to implement some kind of login for the usage reports
webapp, so that only admins can see the website? In our current setup
the tool is running on a server with many other users so that anyone who
knows the port can open the website and see potentially sensitive data.

Best regards,
Timo

--
------------------------------------------------------------------------
Timo Janßen
Research Assistant
Working Group "Application and Information Systems"
Tel.: +49(0)551/201-1791
E-Mail: [hidden email]
------------------------------------------------------------------------
Gesellschaft für wissenschaftliche Datenverarbeitung mbH Göttingen
(GWDG)
Am Faßberg 11, 37077 Göttingen, URL: http://www.gwdg.de
Tel.: +49 551 201-1510, Fax: +49 551 201-2150, E-Mail: [hidden email]
Service-Hotline: Tel.: +49 551 201-1523, E-Mail: [hidden email]

Managing Director: Prof. Dr. Ramin Yahyapour
Chairman of the Supervisory Board: Prof. Dr. Norbert Lassau
Registered office: Göttingen
Court of registration: Göttingen, commercial register no. B 598
------------------------------------------------------------------------
Certified according to ISO 9001
------------------------------------------------------------------------


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/


Re: Galaxy Reports Webapp Login

Peter Briggs
Hello Timo

For our production setups I've used the htpasswd mechanism as a simple
way to protect the reports from unauthorised access. The details for
doing this using nginx are part of the write up here:

http://galacticengineer.blogspot.co.uk/2015/06/exposing-galaxy-reports-via-nginx-in.html

HTH

Best wishes

Peter

On 27/03/17 12:29, Timo Janßen wrote:

> Hi,
>
> is it possible to implement some kind of login for the usage reports
> webapp, so that only admins can see the website? In our current setup
> the tool is running on a server with many other users so that anyone who
> knows the port can open the website and see potentially sensitive data.
>
> Best regards,
> Timo

--
Peter Briggs [hidden email]
Bioinformatics Core Facility University of Manchester
B.1083 Michael Smith Bldg Tel: (0161) 2751482

Re: Galaxy Reports Webapp Login

Timo Janßen
Hi,

I was able to solve my problem by using Peter's suggestion for a proxy
server with authentication combined with these two iptables rules:

iptables -A OUTPUT -p tcp --dport <port of the reports server> -s localhost -d localhost --match owner --uid-owner <uid of the proxy> -j ACCEPT

iptables -A OUTPUT -p tcp --dport <port of the reports server> -s localhost -d localhost -j DROP

These rules prevent direct local access to the webserver so that even
locally the access is only possible via the proxy, where authentication
is necessary. Note that these rules don't block network access; for that
you would need to extend the rules or use a separate firewall.

Best regards,
Timo

On 03/27/2017 01:39 PM, Peter Briggs wrote:

> Hello Timo
>
> For our production setups I've used the htpasswd mechanism as a simple
> way to protect the reports from unauthorised access. The details for
> doing this using nginx are part of the write up here:
>
> http://galacticengineer.blogspot.co.uk/2015/06/exposing-galaxy-reports-via-nginx-in.html
>
>
> HTH
>
> Best wishes
>
> Peter
>
> On 27/03/17 12:29, Timo Janßen wrote:
>> Hi,
>>
>> is it possible to implement some kind of login for the usage reports
>> webapp, so that only admins can see the website? In our current setup
>> the tool is running on a server with many other users so that anyone who
>> knows the port can open the website and see potentially sensitive data.
>>
>> Best regards,
>> Timo
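Added example, not part of the original posts: because both rules in the thread are appended with -A, the owner ACCEPT only works if it is listed before the DROP. The hypothetical check_reports_rules function below audits `iptables -S OUTPUT` text for that ordering; the listings, port 9001 and uid 33 are constructed sample values, and the uid is assumed to be listed numerically.

```shell
#!/bin/sh
# Audit `iptables -S OUTPUT` text for the two rules from the thread.
# Usage: iptables -S OUTPUT | check_reports_rules PORT PROXY_UID
# Exit 0: owner ACCEPT is listed before the DROP for PORT.
# Exit 1: no DROP for PORT (any local user can still reach the reports app).
# Exit 2: owner ACCEPT missing or after the DROP (the proxy is blocked too).
check_reports_rules() {
    awk -v port="$1" -v uid="$2" '
        function opt(name,   i) {   # value that follows option "name"
            for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
            return ""
        }
        $1 == "-A" && $2 == "OUTPUT" && opt("--dport") == port {
            target = opt("-j"); owner = opt("--uid-owner")
            if (target == "ACCEPT" && owner == uid && !accept_at) accept_at = NR
            if (target == "DROP" && owner == "" && !drop_at) drop_at = NR
        }
        END {
            if (!drop_at) exit 1
            if (!accept_at || accept_at > drop_at) exit 2
            exit 0
        }'
}

# Constructed listings (port 9001 and uid 33 are made-up sample values).
sample_good() {
    cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -p tcp -m tcp --dport 9001 -m owner --uid-owner 33 -j ACCEPT
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -p tcp -m tcp --dport 9001 -j DROP
EOF
}
sample_wrong_order() {   # DROP appended first, so the proxy never reaches ACCEPT
    cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -p tcp -m tcp --dport 9001 -j DROP
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -p tcp -m tcp --dport 9001 -m owner --uid-owner 33 -j ACCEPT
EOF
}
sample_no_drop() {       # only the ACCEPT was added; nothing is blocked
    cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -p tcp -m tcp --dport 9001 -m owner --uid-owner 33 -j ACCEPT
EOF
}

sample_good | check_reports_rules 9001 33 && echo "rule order OK"
```

The check covers only IPv4 OUTPUT rules for the given port; it does not look at network-facing access, which the thread notes needs additional rules or a separate firewall.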