Blocking public access to Aggregate

We have an ODK Aggregate setup on GAE, we would like to secure the instance such that not everyone has access to the appspot application. I added a new security constraint to the web.xml file that secured the root path "/*" this secured the web app but the unfortunate side effect of blocking the ODK collect from doing any data pushes/collection.

Does anybody have any idea how we can block public access to aggregate but still keep it open for ODK collect to work?

*This is NOT the way to do this. *Website security is ALREADY THERE.

Instead:

(1) Log In with the super-user username you specified when you ran the
installer.

(2) go to Site Admin / Permissions page.

(3) create users and assign them permissions on the site.

(4) remove permissions for the Anonymous User.

(5) Save Changes

(6) change passwords for all the users you created in step (3) (the
password is unguessable when the user is first created). And if you have
the red banner warning, change the password for your superuser username.

Now, users will be required to log in before they can see the webpages.

Note that when you upgrade your server, you must use the same "ODK
Aggregate Instance Name" (one of the first questions asked by the
installer). If you change this name by adding a space, etc., all the
passwords will be invalidated (unguessable) and the superuser password will
be reset to "aggregate"

··· On Mon, Mar 30, 2015 at 7:58 AM, wrote:

We have an ODK Aggregate setup on GAE, we would like to secure the
instance such that not everyone has access to the appspot application. I
added a new security constraint to the web.xml file that secured the root
path "/*" this secured the web app but the unfortunate side effect of
blocking the ODK collect from doing any data pushes/collection.

Does anybody have any idea how we can block public access to aggregate but
still keep it open for ODK collect to work?

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to the Google Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
Mitch Sundt
Software Engineer
University of Washington
mitchellsundt@gmail.com

And in ODK Collect, the username and password can be set on the General
Settings page.

That username needs to have Data Collector permissions assigned to it in
ODK Aggregate.

··· On Tue, Mar 31, 2015 at 10:12 AM, Mitch Sundt wrote:

*This is NOT the way to do this. *Website security is ALREADY THERE.

Instead:

(1) Log In with the super-user username you specified when you ran the
installer.

(2) go to Site Admin / Permissions page.

(3) create users and assign them permissions on the site.

(4) remove permissions for the Anonymous User.

(5) Save Changes

(6) change passwords for all the users you created in step (3) (the
password is unguessable when the user is first created). And if you have
the red banner warning, change the password for your superuser username.

Now, users will be required to log in before they can see the webpages.

Note that when you upgrade your server, you must use the same "ODK
Aggregate Instance Name" (one of the first questions asked by the
installer). If you change this name by adding a space, etc., all the
passwords will be invalidated (unguessable) and the superuser password will
be reset to "aggregate"

On Mon, Mar 30, 2015 at 7:58 AM, johnwesonga@gmail.com wrote:

We have an ODK Aggregate setup on GAE, we would like to secure the
instance such that not everyone has access to the appspot application. I
added a new security constraint to the web.xml file that secured the root
path "/*" this secured the web app but the unfortunate side effect of
blocking the ODK collect from doing any data pushes/collection.

Does anybody have any idea how we can block public access to aggregate
but still keep it open for ODK collect to work?

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to the Google Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
Mitch Sundt
Software Engineer
University of Washington
mitchellsundt@gmail.com

--
Mitch Sundt
Software Engineer
University of Washington
mitchellsundt@gmail.com