Network access security

This section provides background information for the installation step “Configure network access”.

In the configuration file, you need to set up the network access configuration. As a best practice, it distinguishes between two network interfaces:

  • Network access - restricted access (intended for regular users)

    • The ports defined for this interface allow you to restrict access to ImageMaster clients or services (via whitelist and blacklist).

    • In the default configuration, nothing is allowed.

    A typical configuration could grant access only to the WorkplaceClient by adding the path prefix “/imageMaster” to the whitelist, while denying access to the AdminClient by adding the path prefix “/imageMaster/admin.jsf” to the blacklist.

    Provide access only to the necessary functions (principle of least privilege).

  • Network access - unrestricted access (intended for system administrators)

    • The ports defined for this interface allow for unrestricted access.

    • Settings (whitelist/blacklist) from the restricted access configuration have no effect.

    Restrict access to this interface to system administrators only.

AdminClient access in restricted access scenario

The ImageMaster client is split into the AdminClient (based on “admin.jsf”), which has the navigation menu entry “Administration”, and the WorkplaceClient, which has the associated navigation menu entries such as “Workspace”, “Maintenance” and “Dashboard”.

In the network access configuration for restricted access, you can explicitly grant or deny access to the AdminClient based on the path prefix “/imageMaster/admin.jsf”. If access to the AdminClient is prohibited, this will exclude the navigation menu entry “Administration” from the ImageMaster client.
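
The decision logic of the typical configuration described above can be modeled as follows. This is an added example, not ImageMaster code or its configuration syntax; it assumes that blacklist entries take precedence over whitelist entries, that prefixes are compared as plain strings, and that the request path is normalized before matching. The request paths other than the two prefixes from this page are constructed.

```python
import posixpath
from urllib.parse import unquote

# Prefixes taken from the typical configuration described on this page.
WHITELIST = ["/imageMaster"]
BLACKLIST = ["/imageMaster/admin.jsf"]


def normalize(request_path: str) -> str:
    """Canonicalize a request path so equivalent spellings match the same rule."""
    path = request_path.split("?", 1)[0]      # drop the query string
    path = unquote(path)                      # decode %xx escapes
    path = "/" + path.lstrip("/")             # exactly one leading slash
    return posixpath.normpath(path)           # collapse "." and ".." segments


def is_allowed(request_path, whitelist, blacklist, restricted=True):
    """Model of the access decision (assumption: blacklist wins over whitelist)."""
    if not restricted:
        # Unrestricted interface: whitelist/blacklist settings have no effect.
        return True
    path = normalize(request_path)
    if any(path.startswith(prefix) for prefix in blacklist):
        return False
    # Default deny: with an empty whitelist nothing is allowed.
    return any(path.startswith(prefix) for prefix in whitelist)


def audit(paths, whitelist, blacklist):
    """Return {path: decision} for the restricted interface, for review."""
    return {p: is_allowed(p, whitelist, blacklist) for p in paths}


if __name__ == "__main__":
    # Constructed sample request paths.
    samples = [
        "/imageMaster/workplace.jsf",
        "/imageMaster/admin.jsf",
        "/imageMaster/./admin.jsf",
        "/imageMaster/%61dmin.jsf",
        "/other/service",
    ]
    for path, allowed in audit(samples, WHITELIST, BLACKLIST).items():
        print(f"{'ALLOW' if allowed else 'DENY ':5}  {path}")
```

Running the same paths with empty lists shows the default configuration (everything denied on the restricted interface).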