Two installations - one private one public
2 months 3 weeks ago #255185
by urbana
Two installations - one private one public was created by urbana
I have some exciting requirements from a client on the table and I think I have solved them. But I wanted to reflect with you briefly to make sure I haven't overlooked anything.
The client uses LimeSurvey less for surveys and more as forms. So, for example, holiday applications, etc. These are all internal and secured via a reverse proxy, so that only logged-in users can access the surveys.
Now, however, there will also be forms that should be publicly accessible. So, for example, sending a customer a link so they can fill out an order, etc.
We don't want to create extra users for the secure internal area, as this would come with all sorts of effort (extended user management, roles, external users would have to register, etc.).
I've solved it like this: LimeSurvey is installed again, accesses the same database as the internal version, but the path is public and excluded from the authentication mechanism of the reverse proxy.
When you call up a survey via the public path, you can access it without authentication.
This works - I've already tested it.
My question to you: Am I overlooking something from a security perspective? For example, I will delete all the admin modules in the public path so that the admin area can't even be called up.
Thank you very much for your feedback.
2 months 3 weeks ago #255187
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand, plugin development.
I don't answer to private message.
Replied by DenisChenu on topic Two installations - one private one public
How is authentication managed?
1. DB user can still have access to the admin part. Need a way to disable the authentication (and remote control) link (can be done via vhost or nginx config).
2. All surveys can be accessed by public URL.
2 months 3 weeks ago #255189
by urbana
Replied by urbana on topic Two installations - one private one public
Thank you for your answer!
All internal surveys are closed access and need a token to be used. We have a customized internal interface from which employees can start the surveys and a token is created on the fly. Which in turn is not accessible publicly.
Normal users (authenticated via an auth service) don't have a LS user. Only admins.
When an internal survey is opened via the public path, LS asks for the token.
2 months 3 weeks ago #255200
by DenisChenu
Replied by DenisChenu on topic Two installations - one private one public
OK,
Still: how do you disable access to authentication via DB password?
Quick (and dirty) way:
1. remove/rename: github.com/LimeSurvey/LimeSurvey/blob/ma...n/Authentication.php
2. remove/rename: github.com/LimeSurvey/LimeSurvey/blob/ma...in/RemoteControl.php
Best way: send a 401 with your nginx/apache config according to URL (depends on your server: cannot answer here).
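One way to write the URL-based 401 suggested in the reply above, as an added nginx example that is not from the thread or from LimeSurvey. It assumes the public copy is served from the web root of its own server block and that the admin controllers (authentication, remotecontrol) are routed under `admin/`; adjust the prefix if the install lives in a subdirectory.

```nginx
# Place inside the server { } block of the PUBLIC vhost only.
# The internal vhost behind the authenticating reverse proxy keeps its admin area.
# Server-level "if" runs before location selection, so the rules do not
# depend on the order of the existing location blocks.

# Path-style routes, for example:
#   /admin/
#   /index.php/admin/authentication/sa/login
#   /index.php/admin/remotecontrol
# $uri is the normalised, percent-decoded path, so encoded spellings of
# "admin" in the path are matched as well. ~* makes the match case-insensitive.
if ($uri ~* "^/(index\.php/)?admin(/|$)") {
    return 401;
}

# Query-style routes, for example:
#   /index.php?r=admin/authentication/sa/login
#   /index.php?r=admin/remotecontrol
# $arg_r is the RAW query value; nginx does not percent-decode it, while
# PHP does. Rather than trying to decode here, refuse any route value that
# contains an escape at all.
# Assumption: the public survey links never carry a percent-encoded r= value.
if ($arg_r ~* "(^/?admin|%)") {
    return 401;
}
```

After `nginx -t` and a reload, request each of the URL forms listed in the comments against the public host and confirm that every one returns 401 while a public survey link still loads.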
2 months 3 weeks ago #255205
by urbana
Replied by urbana on topic Two installations - one private one public
I am not sure I can follow you.
Nobody has the DB password but me and the server admin of my customer.
Or do you mean a different password than the one from the DB user we add in the installation process?
2 months 3 weeks ago - 2 months 3 weeks ago #255211
by DenisChenu
Replied by DenisChenu on topic Two installations - one private one public
The 1st user is a superadmin.
You cannot deactivate permission to connect via username/password (from DB).
manual.limesurvey.org/Manage_users/en#Se...rmissions_for_a_user
Last edit: 2 months 3 weeks ago by DenisChenu. Reason: https://manual.limesurvey.org/Manage_users/en#Set_global_permissions_for_a_user
2 months 3 weeks ago #255212
by urbana
Replied by urbana on topic Two installations - one private one public
Ok got you now. The first user is me on the private as well as on the public.
But your point is correct anyway. This is why I wanted to delete the whole admin module in the public installation, but I really like your idea to just send a 404 for all admin paths.
Thank you very much for your thoughts and feedback
2 months 3 weeks ago #255216
by DenisChenu
Replied by DenisChenu on topic Two installations - one private one public
401 no access.
2 months 3 weeks ago #255217
by urbana
Replied by urbana on topic Two installations - one private one public
Yes, good catch!
2 months 3 weeks ago #255218
by urbana
Replied by urbana on topic Two installations - one private one public
One last question: any idea how I can best disable the public homepage? I can't find which file generates it - all the assets are loaded from the temp/ twig cache, and the translation also points to a PHP file in the temp/ twig cache.
2 months 3 weeks ago #255221
by tpartner
Cheers,
Tony Partner
Solutions, code and workarounds presented in these forums are given without any warranty, implied or otherwise.
Replied by tpartner on topic Two installations - one private one public
You can modify what is displayed in the survey theme twig file(s).
2 months 3 weeks ago #255222
by urbana
Replied by urbana on topic Two installations - one private one public
Thank you