[Silk UI Sample Pages] How do I remove or restrict access to system pages, specifically WebPatterns/HomePage
Forge component by OutSystems R&D
Published on 26 Feb 2019
Application Type: Traditional Web
Service Studio Version: 11.9.2 (Build 33932)
Platform Version: 11.10.0 (Build 22422)

We have been running security scans and one thing that was picked up was that there is open access to WebPatterns/HomePage.aspx. We would like to disable this page entirely but can't find out where to do it. Is there a way to only allow access to pages we have built and remove open access to system modules (at the very least in a production environment)? We tested and even in production an anonymous user can get access to this page.


It seems any environment can just insert {url}//WebPatterns/HomePage.aspx

Rank: #171

Hi Andrew,

I think that what you are trying to achieve doesn't depend on Silk UI.

You can always set the permissions in your screen in the properties of it. See here!

Also, you can define a screen to be accessed only from the internal network. See here! And you can define what the addresses of your internal network are inside Service Center.


These might help.

However you should never stage sample apps like this one to your production environment.

Maybe you should consider deleting this application from production.
You can do it in Service Center under Factory->Applications.


Hope it helps,


Cheers and Regards,

RR :)

Rank: #14543

This was not a page we created; it comes from the system module which we are not allowed to edit, "WebPatterns".


I didn't see that in the list of options to add and the sample page shows SilkUI, so I just attached that. When I try to edit it to remove the page it says it cannot be edited, opening a clone instead.

Rank: #171

Hi Andrew,

I see now! I thought it was about this Silk UI Sample Pages component.

What you can do in your case is to disable the App that has the module Web Patterns.
This can be done in Service Center on the Application detail screen:

 

This way when you access the HomePage of WebPatterns you will get the following page:


Don't worry, because this will not affect any of your consumer modules; it will only restrict access to screens.


Anyway, this link will not stop appearing in your scans.


For it to happen I imagine you would have to try to stop this app in IIS.

Maybe you would need to create a different application pool, put this module in there, and stop it.
But I'm not sure it would not create other issues and solve your problem 100%.


Cheers and Regards,

RR :)