Versions Compared

Old Version 5

changes.mady.by.user Josune Cordoba

Saved on

compared with

New Version 6

changes.mady.by.user John Sinclair

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

New setup tool to randomize the secrets from the command line. This tool will randomize omkd_secrets tokens in OMK and also, NMIS auth_web_key when it matches some of the OMK tokens (Usually set to configure SSO for Opmantek Applications). 

This tool is also called by the installer and fixed CVE-2021-38551.

...

/usr/local/omk/bin/opcommon-cli.exe act=secrets_randomise [force=true] [length=N]

Where:

    • force=true will change the token even if this is not the default (Like =~ change_me)
    • length=N will force the token length to N (32 by default)

...

CookieSupportBehaviour
HttpOnly(tick) By defaultThe cookies are not going to be accesible from the JavaScript API.
secure(tick) Should be enabled by setting the configuration item "auth_secure_cookie" => "true" in opCommon.json.

This cookie could be sent just in a request ciphered over https protocol. That's the reason why it is not set by default. 

SameSite

set to Strict

(tick) Supported since the following versions:

  • OAE 4.3.0
  • opAdress 2opAddress 2.1.0
  • opCharts 4.3.0
  • opConfig 4.3.0
  • opEvents 4.1.0
  • opHA 3.4
  • opReports 4.3.0

The cookie set to strict means that the browser just send only sends the cookie if the request was made in the website that originally stablished established the cookie. 

Security Content Policy

...