Web Server ?

Questions, problems, and other issues for Ascendis Caller ID that aren't covered by the other forums.
Post Reply
samsungpower
Posts: 49
Joined: Tue May 22, 2012 4:40 pm

Web Server ?

Post by samsungpower »

Hi Bill,

Is there anyway in the webroot folder to display the information to the html files other then having the build in webserver enable on the program.
We are using Apache for our website already and currently have 2 webservers running yours and ours on the same computer and would like to combine both data bases into one, so we could use the PHP.ini for the passwords instead of yours because we would like to be able to have certain files available to only certain parties not a globe setting. Is there any tweets in the registry? Or any ideas? I know there is password scripts using java that have encryption but how save are they? and that would mean another complete password data base to update rather then just one.

If not possible maybe add it to the feature request page.
Have the able to have multi users login and passwords with option to certain files or folders. This day in age with security an issue, have login able to have encryption mode.
Bill Root
Site Admin
Posts: 1025
Joined: Mon Jan 19, 2004 1:29 pm
Location: Perrysburg, OH
Contact:

Re: Web Server ?

Post by Bill Root »

I'm sorry, but Ascendis Caller ID does not provide hooks for Apache (or other web servers) to display HTML files containing Ascendis Caller ID data. You could probably write a separate program to query the database files directly (Ascendis Caller ID uses DBISAM 4) but that would probably require substantial effort.

If you're using PHP (you mentioned PHP.ini, so you might be) you could load Ascendis Caller ID pages from the Ascendis Caller ID web server and embed them in your Apache pages. Then Apache (or PHP) could limit access by username and password. If the users are on a separate computer (or network) you could block access to the Ascendis Caller ID web server from outside and keep it secure.

While supporting per-folder security to the Ascendis Caller ID web server could happen in the future, your application would probably still require two access lists.


Finest regards,
Bill Root
Ascendis Software LLC
samsungpower
Posts: 49
Joined: Tue May 22, 2012 4:40 pm

Post by samsungpower »

Thanks for the reply,

I had thought of embed the Ascendis Caller ID pages into my current Apache server but the question is how secure are the files in your program webroot directory if they are not password protected by your build in user/password section. Is your web server visible when enable on the web for hacker to see them and do there hacking stuff, just like Apache is unless you take certain precaution. When embedding file and you access them by the web it doesn't take much to see the location and ip address where they are from. Most web browser have web inspector programs build in them. I thought of encrypt the html files and try some of those programs but the problem is it will not let the data to pass thru them and only show information like ###Name## or I would go that way for my problem. So again the question I stuck with is can your web server be seen on the web when enable because when your files are embedded, it has to point towards current computers ip and the port that is open or was the program made for close loop system not the world wide web. Maybe I am a little overcautious but I like to keep my data as safe as I can, I sleep a little better at night!
Bill Root
Site Admin
Posts: 1025
Joined: Mon Jan 19, 2004 1:29 pm
Location: Perrysburg, OH
Contact:

Post by Bill Root »

samsungpower wrote:the question is how secure are the files in your program webroot directory if they are not password protected by your build in user/password section
  • The files in the program WebRoot folder are only templates and contain no actual data from Ascendis Caller ID at any time unless you place data in the files by editing them. If you make the files available through Windows file sharing they will be accessible from other computers using Windows file sharing. Even so, since they're only templates, they won't contain data from Ascendis Caller ID.
  • If the Ascendis Caller ID web server is enabled without password protection then a user or program on the same computer can view the processed web files. Programs or users on other computers can only view the processed web files if the computer's firewall allows outside access from the web server port (by default, 80).
  • If the Ascendis Caller ID web server is enabled with password protection then a user or program on the same computer can view the processed web files only by providing the required username and password. Programs or users on other computers can only view the processed web files if the computer's firewall allows outside access from the web server port (by default, 80).
Is your web server visible when enable on the web for hacker to see them and do there hacking stuff, just like Apache is unless you take certain precaution.
If the Ascendis Caller ID web server is enabled and the Windows firewall (or third party firewall) allows outside access to the web server port then other computers on the network can view the Ascendis Caller ID web pages. If the Ascendis Caller ID computer is connected to the internet and the router forwards requests to the Ascendis Caller ID computer then users/hackers on the internet can see the pages if Ascendis Caller ID web server authentication is disabled or the users/hackers provide the correct username and password.
When embedding file and you access them by the web it doesn't take much to see the location and ip address where they are from.
If you just include the Ascendis Caller ID content within a frame using basic HTML, then the user could see the Ascendis Caller ID server URL and directly access it. However, I suggested using PHP since you mentioned PHP.ini. If you use PHP (or probably most other web server languages) you can pull in data from other web servers and present it in the web page without references to the originating server. To do this with Ascendis Caller ID you would have to eliminate the links to previous and next data pages included by the default template files, or handle them within the PHP wrapper. The PHP (or other language code) will probably need to extract just the required table data and output that in its own HTML page.
So again the question I stuck with is can your web server be seen on the web when enable because when your files are embedded, it has to point towards current computers ip and the port that is open or was the program made for close loop system not the world wide web.
As I mentioned above, if you make the Ascendis Caller web server accessible from the internet, then yes, it is accessible from the internet. For your purposes requiring different security for different users I suggest you don't make the Ascendis Caller ID web server accessible from the internet. Instead, make it accessible to your Apache web server, and use PHP or another web language to retrieve the web pages from the Ascendis Caller ID web server, extract the data portion of the page, and incorporate it into the final web page. That way the outside world can't access the Ascendis Caller ID web pages but you have whatever security model you want.
Maybe I am a little overcautious but I like to keep my data as safe as I can, I sleep a little better at night!
I completely support and encourage your security consciousness!


Finest regards,
Bill Root
Ascendis Software LLC
samsungpower
Posts: 49
Joined: Tue May 22, 2012 4:40 pm

Post by samsungpower »

First of all Bill you type very fast and respond to the forum in a very fast manner. Before I had type these sentences out you had a whole page type out with information.

Yes we have some user only can view our information remotely and not just network alone. So we do need to have it pass thru firewall and out to the [World Wide Web].


Update:

I found a program that will let the data pass thru it and will encrypt the page content plus password lock the html file plus more. The program is called HTML Password Lock and located http://www.mtopsoft.com but it's not free of course, you get what you pay for just like Ascendis Software. I keep finding hidden treasure this program can do. My opinion Bill, this is a superb program you have so much flexible and options available for users like me.

Thanks once again.
Bill Root
Site Admin
Posts: 1025
Joined: Mon Jan 19, 2004 1:29 pm
Location: Perrysburg, OH
Contact:

Secure web server

Post by Bill Root »

We just released a new beta version that includes a secure (SSL) web server and per-folder user authorization. The user authorization files are not compatible with Apache, so you would need two sets, but it would let you provide secure over-the-internet web access to Ascendis Caller ID.

The relevant settings are on the Web/TiVo Server advanced Networking page of the Options window. The help now includes information on the new features.

You can download the latest beta version from the beta page:
http://ascendis.com/callerid/beta.php


Finest regards,
Bill Root
Ascendis Software LLC
Post Reply