0 votes

Our security department has identified a vulnerability on our self service portal that allows cross-site request forgery and clickjacking due to allowing iframes openly. They have asked that we put in place a configuration of SAMEORIGIN or DENY using X-Frame-Options in our Web.config file. Is this ok to do or is there another suggested fix?

I also found this old article but our team was able to put the entire site in an iframe. https://www.adaxes.com/questions/889/adselfservice-security

by (2.3k points)

1 Answer

0 votes
by (272k points)
Best answer

Hello Mark,

Have a look at the following help article: https://www.adaxes.com/help/?HowDoI.ConfigureWebUI.IframeEmbedding.html. On step 5, select No.

0

Thank you for that...is there any way to keep it on but add the configuration mentioned above?

0

Hello Mark,

Unfortunately, there is no such possibility.
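
One way to confirm the result after changing the embedding setting, as an added example that is not part of the original thread or of the Adaxes documentation: classify the anti-framing headers a response carries. The function name and the sample headers are constructed for illustration, and the check assumes a single Content-Security-Policy header per response.

```python
# Added example: classify a response's anti-framing headers.
# framing_policy() and SAMPLES are hypothetical names; the header sets are constructed.

def framing_policy(headers):
    """Return 'deny', 'sameorigin', 'allowlist' or 'unprotected'
    for a list of (name, value) response header pairs."""
    xfo = None
    ancestors = None
    for name, value in headers:
        lname = name.strip().lower()
        if lname == "x-frame-options":
            xfo = value.strip().upper()
        elif lname == "content-security-policy":
            for directive in value.split(";"):
                parts = directive.split()
                # Within one policy the first frame-ancestors directive wins.
                if parts and parts[0].lower() == "frame-ancestors" and ancestors is None:
                    ancestors = [p.lower() for p in parts[1:]]
    # When an enforced frame-ancestors directive is present, browsers ignore X-Frame-Options.
    if ancestors is not None:
        if not ancestors or ancestors == ["'none'"]:
            return "deny"
        if ancestors == ["'self'"]:
            return "sameorigin"
        if "*" in ancestors:
            return "unprotected"
        return "allowlist"
    if xfo == "DENY":
        return "deny"
    if xfo == "SAMEORIGIN":
        return "sameorigin"
    # No header, an unknown value, or the obsolete ALLOW-FROM: framing is not blocked.
    return "unprotected"

# Constructed sample responses.
SAMPLES = {
    "no anti-framing header": [("Content-Type", "text/html")],
    "X-Frame-Options only": [("X-Frame-Options", "SAMEORIGIN")],
    "CSP overrides XFO": [("X-Frame-Options", "DENY"),
                          ("Content-Security-Policy", "frame-ancestors *")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label}: {framing_policy(hdrs)}")
```
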
