There are a number of precautions that should be taken before running Exago in a production environment.
- Set an external temp path
- Disable direct access
- Set a config password
- Remove the plain-text config
- Remove the admin console
- Encrypt scheduler data (if applicable)
Set an external temp path
The Temp directory contains working data, and may contain sensitive information. If the Temp Path config parameter is left blank, Exago will default to a Temp folder at the root of the install directory. This is not recommended because it could expose your temporary data to web access.
The Temp Path should be set to a location outside of the Exago installation (and behind the server's firewall).
( Main Settings Temp Path ) <temppath>
Disable direct access
Access to Exago should be curated through the API so that user permissions can be set via Roles. Users should not be able to access the home page directly, which would bypass role restrictions. To disable direct access to Exago, set the following config setting to False:
( Main Settings Allow direct access to Exago (bypassing API) ) <allowhomedirect>
Set a config password
A User ID and Password should be set in the config file. This safeguards access to the Admin Console and REST API. See REST API for information on accessing a password-protected web service.
( Other Settings User ID ) <userid>
( Other Settings Password ) <password>
( Other Settings Confirm Password )
Remove the plain-text config
The Admin console generates two copies of the configuration whenever the OK or Apply button is pressed: a plain-text xml document, WebReports.xml by default, and an encrypted version, WebReports.xml.enc. Plain-text config files may contain sensitive information, such as database connection strings, schemas, usernames, and passwords.
When your config settings have been finalized, the WebReports.xml file should be removed from the Config folder and saved in a secure location.
NOTE. The Admin console cannot read the encrypted file, so if config changes are necessary, first reinstate the WebReports.xml file.
Remove the Admin Console
The Admin Console should never be used in a production environment. Deleting the Admin.aspx page will not prevent access. To permanently remove the Admin Console from your installation, remove the following file from the bin folder in your install directory:
Encrypt scheduler data (if applicable)
Each scheduler stores working data in a local temporary folder. If you're using scheduler services, you should set them to encrypt their data. For each scheduler, edit the WebReportsScheduler.xml file and set the following setting to True:
Then restart the service.