- Internet
- 03.05.2018
- EN
RustyLogic blog: RedDot 11.x new security settings
written by John Allen, 28. February 2014
The new security setting implemented by OpenText in the 11.x version of RedDot are causing problems for a few people. Unless your RedDot servers are public facing (probably not in most cases) you can safely disable the cross site scripting and session checking code.
Why would I want to do that?
Because they can prevent various plugins and extensions from working properly.
How?
Edit \OpenText\WS\MS\Web\Navigation\web.config and comment out or remove the line:
<add name="HttpSessionModule" type="OpenText.WS.MS.Interop.Security.HttpSessionModule,OpenText.WS.MS.Server.Ui"/>
Edit \OpenText\WS\MS\ASP\web.config and comment out or remove the following:
<add name="AntiCsrfModule" type="OpenText.WS.MS.Core.Security.Csrf.AntiCsrfModule,OpenText.WS.MS.Core, Version=11.0.1.0, Culture=neutral, PublicKeyToken=9763136D9E6661AD"/>
Source: RedDot 11.x new security settings
© copyright 2014 by John Allen