Our security department has identified a vulnerability on our self service portal that allows cross-site request forgery and clickjacking due to allowing iframes openly. They have asked that we put in place a configuration of SAMEORIGIN or DENY using X-Frame-Options in our Web.config file. Is this ok to do or is there another suggested fix?

I also found this old article but our team was able to put the entire site in an iframe. https://www.adaxes.com/questions/889/adselfservice-security

1 Answer

Best answer

Hello Mark,

Have a look at the following help article: https://www.adaxes.com/help/?HowDoI.ConfigureWebUI.IframeEmbedding.html. On step 5, select No.

Thank you for that...is there any way to keep it on but add the configuration mentioned above?

Hello Mark,

Unfortunately, there is no such possibility.
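
Whichever setting is chosen, the result can be confirmed from the portal's response headers. The following is an added example, not part of the original thread and not Adaxes code: it classifies the anti-framing policy a response declares, covering both X-Frame-Options and the CSP `frame-ancestors` directive that supersedes it. The function names and all sample headers are constructed for illustration.

```python
# Added example: classify the anti-framing policy declared by response headers.
RANK = {"deny": 0, "sameorigin": 1, "cross-origin-allowed": 2}

def _classify_csp(value):
    """Classify the first frame-ancestors directive in one CSP header, or None."""
    for directive in value.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [p.lower() for p in parts[1:]]
            if not sources or sources == ["'none'"]:
                return "deny"  # an empty source list matches nothing
            return "sameorigin" if sources == ["'self'"] else "cross-origin-allowed"
    return None

def framing_policy(headers):
    """headers: list of (name, value) pairs; a response may repeat a header."""
    csp, xfo = [], set()
    for name, value in headers:
        lname = name.strip().lower()
        if lname == "content-security-policy":
            result = _classify_csp(value)
            if result:
                csp.append(result)
        elif lname == "x-frame-options":
            xfo.update(v.strip().lower() for v in value.split(",") if v.strip())
    # frame-ancestors takes precedence over X-Frame-Options in browsers that
    # support it. Every CSP header is enforced, so the strictest label wins
    # (an approximation when the policies carry different host lists).
    if csp:
        return min(csp, key=RANK.get)
    if len(xfo) > 1:
        return "ambiguous"  # conflicting values: flag for review
    value = next(iter(xfo), "")
    # ALLOW-FROM is obsolete and unknown values give no protection.
    return value if value in ("deny", "sameorigin") else "none"

# Constructed sample responses (hypothetical hosts, not captured traffic).
SAMPLES = {
    "no headers": [],
    "sameorigin": [("X-Frame-Options", "SAMEORIGIN")],
    "obsolete allow-from": [("X-Frame-Options", "ALLOW-FROM https://intranet.example")],
    "conflicting": [("X-Frame-Options", "DENY"), ("x-frame-options", "SAMEORIGIN")],
    "csp overrides xfo": [("X-Frame-Options", "DENY"),
        ("Content-Security-Policy", "default-src 'self'; frame-ancestors https://intranet.example")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:22} -> {framing_policy(hdrs)}")
```

A result of `none`, `ambiguous` or `cross-origin-allowed` on the self-service pages means the response still permits, or does not reliably forbid, framing by other origins.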
