niagara-ax/stations/demo/html/aDemoStationSecurityNotes.html
2026-03-17 13:31:18 -07:00

<!-- Htmldoc has been run -->
<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Demo stations security notes</title>
<link rev="made" href="documentation@tridium.com">
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="index.html" title="Demo Quick Start">
<link rel="up" href="index.html" title="Demo Quick Start">
<link rel="prev" href="OpenStationIssue.html" title="Cannot open Station">
<link rel="next" href="aNewWorkbenchSSLcertificates.html" title="SSL and certificate notes in AX-3.8">
<meta name="description" content="Niagara Framework documentation">
<!-- Auto-generated style sheet link -->
<link rel='StyleSheet' href='module://bajaui/doc/style.css' type='text/css' />
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<!-- Auto-generated Header NavBar -->
<p class="navbar">
<a href="index.html">Index</a> |
<a href="OpenStationIssue.html">Prev</a> |
<a href="aNewWorkbenchSSLcertificates.html">Next</a>
</p>
<div class="section" lang="en">
<div class="titlepage">
<div>
<div>
<h2 class="title"><a name="aDemoStationSecurityNotes"></a>Demo stations security notes
</h2>
</div>
</div>
</div>
<p>Station security changes were made in the AX-3.8 development cycle that affect the standard &#8220;<code class="literal">demo</code>&#8221; station typically installed with NiagaraAX Workbench (as well as the &#8220;<code class="literal">demoAppliance</code>&#8221; station). For the most part these stations remain unchanged from previous releases, meaning that the various default users,
including the &#8220;<code class="literal">admin</code>&#8221; user, still have a default &#8220;blank&#8221; (empty) password.
</p>
<p>Such users include the &#8220;<code class="literal">adminWbBasic</code>&#8221; user, &#8220;<code class="literal">adminHxDefault</code>&#8221; user, and so on&#8212;all of which are &#8220;super users&#8221;. These users exist to demonstrate different &#8220;Web Profiles&#8221; when accessing
the station via a browser. Obviously, this combination of &#8220;well known&#8221; super users, each with a default blank password, is
not a good security practice to maintain.
</p><a name="d0e823"></a><p class="note" border="0" width="24"><img src="module://docUser/doc/images/note.png" alt="Note" width="24" height="24">For proper security in a production system, the usage of &#8220;super users&#8221; in a station should be <span class="emphasis"><em>minimized</em></span>, as explained in various NiagaraAX documents, including the <em class="citetitle">NiagaraAX Hardening Guide</em>.
</p>
<p>Note that logging in to the demo station as <span class="emphasis"><em>any of these users</em></span>, either from Workbench or a browser, now prompts you to <span class="emphasis"><em>reset</em></span> the password. This happens because the AX-3.8 demo station now has <span class="emphasis"><em>all station users</em></span> configured for password reset. Once a new password is entered, that super user has <span class="emphasis"><em>full access</em></span> to the station&#8212;just as the &#8220;<code class="literal">admin</code>&#8221; user has.
</p>
<p>Therefore, to prevent any &#8220;unauthorized access&#8221; to a demo station, it is strongly recommended that, after first accessing the
station as the <code class="literal">admin</code> user, you do one of the following:
</p>
<div class="itemizedlist">
<ul>
<li>
<p>Change the password for each &#8220;well-known&#8221; default user (<code class="literal">adminWbBasic</code>, <code class="literal">adminFrames</code>, etc.). You can do this by double-clicking each user in the station&#8217;s <span class="guilabel">User Manager</span> view to open the <span class="guilabel">Edit</span> dialog.
</p>
<div class="itemizedlist">
<ul>
<li>
<p>Typically, you specify the same strong password that you previously entered for the admin user.</p>
</li>
<li>
<p>For each user, you also need to change the &#8220;Force Password Reset&#8221; entry from <code class="literal">true</code> to <code class="literal">false</code>.
Otherwise, upon the first login as that user, the <span class="guilabel">Reset Password</span> dialog would reappear.
</p>
</li>
</ul>
</div>
<p>Make sure to <span class="guilabel">Save</span> the changes to each of these users.
</p>
</li>
<li>
<p>Disable any of these &#8220;well-known&#8221; default users, which you can also do by double-clicking each user in the station&#8217;s <span class="guilabel">User Manager</span> view. Then set the user&#8217;s Enabled property to <code class="literal">false</code>, and <span class="guibutton">Save</span>.
</p><a name="d0e903"></a><p class="note" border="0" width="24"><img src="module://docUser/doc/images/note.png" alt="Note" width="24" height="24">Starting in AX-3.7, you can <span class="emphasis"><em>disable</em></span> the user admin&#8212;where previously you could not. However, before doing this, be sure you have at least one working &#8220;super user&#8221;
in the station.
</p>
</li>
</ul>
</div>
<p>Be sure to <span class="guibutton">Save</span> changes to the station after making user adjustments&#8212;right-click the <span class="inlinemediaobject"><img src="images/imagedata4141.png"></span> <span class="guilabel">Station</span> node in the Nav tree and select <span class="guimenuitem">Save Station</span>.
</p>
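<p>The checks described above can be run over a hand-made inventory of the station&#8217;s users. The following is an added example, not Tridium code: the CSV column names are hypothetical (this is not a Niagara export format), the sample rows are constructed, and a &#8220;working super user&#8221; is assumed to mean an enabled super user whose Force Password Reset is already <code class="literal">false</code>.</p>

```python
import csv
import io

# Well-known default users named on this page; the text says "and so on",
# so extend this set from your own station's User Manager view.
WELL_KNOWN = {"admin", "adminWbBasic", "adminHxDefault", "adminFrames"}

# Constructed inventory, transcribed by hand from the User Manager view.
# Column names are hypothetical, not a Niagara export format.
SAMPLE = """\
name,enabled,super_user,force_password_reset
admin,false,true,false
adminWbBasic,true,true,true
adminHxDefault,false,true,true
adminFrames,true,true,false
operator,true,false,false
"""

def _flag(value):
    return value.strip().lower() == "true"

def audit(inventory_csv):
    """Return (findings, has_working_super_user) for a user inventory."""
    findings = []
    working_super = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        name = row["name"].strip()
        enabled = _flag(row["enabled"])
        is_super = _flag(row["super_user"])
        reset = _flag(row["force_password_reset"])
        if enabled and reset:
            # Either the default blank password is still in place, or it was
            # changed without clearing the flag; both need attention.
            kind = "well-known " if name in WELL_KNOWN else ""
            findings.append(f"{name}: enabled {kind}user still awaiting password reset")
        if enabled and is_super and not reset:
            working_super.append(name)
    if not working_super:
        # Assumption: "working" = enabled super user with the reset flag cleared.
        findings.append("no enabled super user with a password already set")
    return findings, bool(working_super)

if __name__ == "__main__":
    findings, ok = audit(SAMPLE)
    for line in findings:
        print("FINDING:", line)
    print("working super user present:", ok)
```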
<p>For more details about station security in NiagaraAX, see &#8220;<a href="module://docUser/doc/Security.html">About Security</a>&#8221; in the <em class="citetitle">NiagaraAX User Guide</em>.
</p>
</div>
<!-- Auto-generated copyright note -->
<p class='copyright'>Copyright &copy; 2000-2013 Tridium Inc. All rights reserved.</p>
</body>
</html>