[ome-devel] OMERO and SSL
Woodbridge, Mark R
m.woodbridge at imperial.ac.uk
Wed Nov 25 14:29:24 GMT 2009
Thanks Josh.
That's fine for the standard clients (e.g. 'ICE_CONFIG=ice.config ./importer_gui') but we're using webstart so I think I'll have to patch the clients directly as I can't reference a file using ICE_CONFIG. I was hoping I could use System.setProperty() but despite working for Ice.Default.Router it doesn't seem to work for Ice.Plugin.IceSSL etc.
We'd rather avoid this, but we can't send passwords in plain text. It might be better if client.login supported some secure login protocol without requiring everything else to be SSL and suffering the associated performance hit (including OMERO.web which is on the same machine as the server...).
Mark.
-----Original Message-----
From: josh.moore at gmx.de [mailto:josh.moore at gmx.de] On Behalf Of Josh Moore
Sent: 25 November 2009 12:15
To: Woodbridge, Mark R
Cc: ome-devel at lists.openmicroscopy.org.uk
Subject: [ome-devel] OMERO and SSL
Woodbridge, Mark R writes:
> Hi,
Hi Mark,
> We're trying to get the OMERO.clients talking to the server over
> SSL. I've configured the server according to the instructions and
> have verified that it's working by running a simple Java test
> program with the Ice.Default.Router and related properties set
> accordingly. Tcpdump shows that passwords are no longer being sent
> in plain text.
>
> I am now having a problem figuring out how to make the same config
> change to importer, insight and web. It isn't obvious were to set
> the connection properties, assuming it's possible. If anyone has
> got this working then would be interested in discussing.
For the moment, you will need to set the ICE_CONFIG property in
whatever environment those applications are being called
from. I.e. there needs to be some configuration file (e.g. ssl.config)
with the properties from https://www.openmicroscopy.org/site/support/omero4/server/security
Ice.Default.Router=OMERO.Glacier2/router:ssl -p 4064 -h localhost
etc.
Warning: the Ice.Default.Router property overrides the server
selection from the client login dialog. This is very far from optimal,
and we hope to address these issues in 4.2.
> Many thanks,
> Mark.
Best wishes,
~Josh
More information about the ome-devel
mailing list