Security has gone on domain:40100 interface


#1

Since the latest update for the stack-manager/domain-manager, I am no longer being prompted for the username/password to access the settings via http:/domainname:40100/


#2

The config.json file looked okay and had the username, password, domain-id and access token in it. But the :40100 interface entered without asking for a password showed the entries except the id as blank. I completed them again and now I get asked for the username and password as before. But the settings had access-token (with hyphen) and access_token (with underscore) in config.json. Maybe it was just a change from hyphen to underscore that also stopped the username/password element working? Something is a bit wonky anyway. I manually removed the hyphen version for the access-token and restarted and that seems to put things in good shape.


#3

Hmm - I had added code to copy over http-username and http-password to http_username and http_password (to change our keys to use underscores and not dashes).

Which config.json file are you talking about?


#4

On Windows. There is only one file called config.json in my setup… the one in the user’s Appdata High Fidelity domain-server area. The copy over code must not have worked @b. Only the id showed when I initially looked on the non-protected settings page via port 40100 wheras I has the http-username, http-password and access-token set in the previous version of the file.

C:\Users…\AppData\Local\High Fidelity\domain-server\High Fidelity\domain-server\config.json

Re-entering and saving the settings again fixed things.


#5

If you only see the username that is expected behavior - not showing the password on that page for security reasons. Your browser should also not be asking you everytime for the username and password.

It’s possible that the copy did work but it didn’t re-prompt you until you re-saved - or the copy didn’t work at all and you had to re-enter (in which case I apologize).