Scannex ip.buffer User Manual
© UK 2007-2021 Scannex Electronics Ltd. All rights reserved worldwide.
8.2.15. Web
You can set your own username and password for web-administration to prevent
unauthorised modifications to the ip.buffer settings.
Web Server Security
Allow http
“
No (https only)
” – force the web-browser to use https.
Accessing port 80 (http) will redirect to port 443 (https).
“
Yes (http & https)
” – either http or https connections can
be made. The user is encouraged to use https by the use
of a red banner at the top of the browser.
[Yes (http & https)]
Authorization
“
Digest Only
” – the web-browser must use MD5 digest
authorization. Passwords are protected.
“
Basic & Digest
” – either basic authorization (where the
username and password are sent unencrypted) or digest
MD5 authorization is possible.
[Digest Only]
WebLock
“
Unlocked
” – Scannex WebLock is not used.
“
WebLocked
” – In cases where the username/password is not
secure enough, you can lock the web pages with the
Scannex authentication/encryption. In this case, the user
has to enter a numerical response to a challenge before
gaining timed access to the setup pages
[Unlocked]
On reboot
“
Authenticate
” – will always require a password.
“
5 minute window
” – allows for 5 minutes grace after
rebooting where no password is required.
[Authenticate]
Local Passwords
“
Visible
” – passwords can be read and written.
“
Obscured
” – reading passwords will only show “
********
” on
both the web-page and configuration downloads
[Visible]
52
Only visible if the Scannex encryption key has been set for WebLock facilities.
53
One example is where you need to give temporary access to a user or on-site engineer. They will
need the username/password anyway, but by using the WebLock you can restrict their access to a
one-time operation. They call you with the serial number and challenge, and you provide them with
a 5 digit response code that is derived from the private secret (which you don’t give out!)
54
Version 2.20+ now store all passwords in the write-only secret-store (the same area that the
Scannex encryption secrets and PKI certificates and keys are stored). When set to “Obscured” it is
not possible to simply read-out the configuration and write into another buffer to replicate the
settings. Before uploading the saved configuration file you must replace all “********” values with the
required passwords and secrets.
Page 52
Scannex ip.buffer User Manual
© UK 2007-2021 Scannex Electronics Ltd. All rights reserved worldwide.
8.2.15. Web
You can set your own username and password for web-administration to prevent
unauthorised modifications to the ip.buffer settings.
Web Server Security
Allow http
“
No (https only)
” – force the web-browser to use https.
Accessing port 80 (http) will redirect to port 443 (https).
“
Yes (http & https)
” – either http or https connections can
be made. The user is encouraged to use https by the use
of a red banner at the top of the browser.
[Yes (http & https)]
Authorization
“
Digest Only
” – the web-browser must use MD5 digest
authorization. Passwords are protected.
“
Basic & Digest
” – either basic authorization (where the
username and password are sent unencrypted) or digest
MD5 authorization is possible.
[Digest Only]
WebLock
“
Unlocked
” – Scannex WebLock is not used.
“
WebLocked
” – In cases where the username/password is not
secure enough, you can lock the web pages with the
Scannex authentication/encryption. In this case, the user
has to enter a numerical response to a challenge before
gaining timed access to the setup pages
[Unlocked]
On reboot
“
Authenticate
” – will always require a password.
“
5 minute window
” – allows for 5 minutes grace after
rebooting where no password is required.
[Authenticate]
Local Passwords
“
Visible
” – passwords can be read and written.
“
Obscured
” – reading passwords will only show “
********
” on
both the web-page and configuration downloads
[Visible]
52
Only visible if the Scannex encryption key has been set for WebLock facilities.
53
One example is where you need to give temporary access to a user or on-site engineer. They will
need the username/password anyway, but by using the WebLock you can restrict their access to a
one-time operation. They call you with the serial number and challenge, and you provide them with
a 5 digit response code that is derived from the private secret (which you don’t give out!)
54
Version 2.20+ now store all passwords in the write-only secret-store (the same area that the
Scannex encryption secrets and PKI certificates and keys are stored). When set to “Obscured” it is
not possible to simply read-out the configuration and write into another buffer to replicate the
settings. Before uploading the saved configuration file you must replace all “********” values with the
required passwords and secrets.
Page 52
