Platform Security

The 1C:Enterprise developers forum

#1
People who like this:0Yes/0No
Active user
Rating: 3
Joined: Jul 24, 2017
Company: Smart ID Dynamics

Hello everyone,

I have a problem in developing a secure application in 1C platform, version 8.3.15.1534. The problem consists in the fact that, if I publish a configuration through IIS, I receive all kinds of errors from the platform, on the web, when trying to access a somewhat different web address that the intended one (detailed in the pictures). This automatically reflects in bad application security and it is not a very good approach in developing a secure application.In the attached pictures, you'll notice what I meant with a different web address. These errors that the platform returns, can be resourced by bad intended people, in hacking my application.

Another point that I haven't yet managed to figure out, is when accesing a published configuration via a web browser. The last user that logged into the application on the web, will have the username automatically completed (it is stored) on relogging from the same computer. This makes things less feasible when developing a secure application that can be used in an ad-hoc network, for example.

Can someone please help me in publishing a configuration, or installing and configuring the 1C service, that does not allow these kind of 'backdoors' ?

Quick mention. The first image is a valid wsdl, the rest of the images shows the mentioned problems (except the username one which is just explained above).

Thank you,
Lucian Rada.

 
#2
People who like this:0Yes/0No
Active user
Rating: 3
Joined: Jul 24, 2017
Company: Smart ID Dynamics

First error, when mistyping the web address

 
#3
People who like this:0Yes/0No
Active user
Rating: 3
Joined: Jul 24, 2017
Company: Smart ID Dynamics

Second problem. After the "wsdl" keyword in the web address(the valid web address), you can complete with anything and the platform still returns the valid wsdl address

 
#4
People who like this:0Yes/0No
Active user
Rating: 3
Joined: Jul 24, 2017
Company: Smart ID Dynamics

Third error. When accesing an invalid HTTP service.

 
Subscribe