tryton-sao browser file access permissions


wela...@elshaden.com

Oct 15, 2017, 3:00:07 PM
to tryton
Hello,

What method should I use to restrict access to certain files on the SAO client? I can list directories and access files that shouldn't be accessed. This is 3.8.

Thanks

Wanis

Cédric Krier

Oct 15, 2017, 4:55:05 PM
to tryton
All sao files must be accessible, otherwise it will not work properly.

--
Cédric Krier - B2CK SPRL
Email/Jabber: cedric...@b2ck.com
Tel: +32 472 54 46 59
Website: http://www.b2ck.com/

wela...@elshaden.com

Oct 16, 2017, 2:55:07 AM
to tryton
Good Morning Cedric,

I understand, but I wanted to limit access to them from the browser. What I noticed with the demo.tryton.com website is that if I try to, for example, open /src/, it gives back a 403 Forbidden, whereas with the config I had it basically gave me full folder listing and file access from the browser.

Mind you, I didn't put it on a webserver like Nginx or Apache, just direct. So, I am wondering if that would be the way to go...

Cédric Krier

Oct 16, 2017, 3:30:55 AM
to tryton
On 2017-10-15 22:34, wela...@elshaden.com wrote:
> I understand, but I wanted to limit access to them from the browser.
> What I noticed with the demo.tryton.com website is that if I try to,
> for example, open /src/, it gives back a 403 Forbidden, whereas with the
> config I had it basically gave me full folder listing and file access
> from the browser.

src has nothing secret.
Indeed src is not hidden on the demo, try http://demo4.4.tryton.org/src/sao.js

> Mind you, I didn't put it on a webserver like Nginx or Apache, just
> direct. So, I am wondering if that would be the way to go...

The demo server is run through a reverse-proxy, so every POST is
redirected to the trytond server and other requests are served from the
sao folder.

trytond contains a simple web server with no options; it just serves the
data folder. If you want to have more control, you must use a
full-featured web server.
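
The reverse-proxy layout described in the reply above (POST requests go to trytond, everything else is served from the sao folder), sketched as an nginx configuration. This is an added example, not part of the original thread and not the demo server's actual configuration; the host name, the sao path and the trytond listen address are assumptions.

```nginx
# Added example: every name, path and address below is an assumption.
server {
    listen 80;
    server_name tryton.example.com;       # placeholder host name

    root /var/www/sao;                    # assumed location of the sao folder
    index index.html;
    autoindex off;                        # never generate directory listings:
                                          # a directory without an index file
                                          # (such as /src/) answers 403

    # Headers passed on to trytond for the proxied requests below.
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location / {
        # POST requests are the client's RPC calls: hand them to trytond.
        if ($request_method = POST) {
            proxy_pass http://127.0.0.1:8000;   # assumed trytond listen address
        }
        # Any other request falls through to static files under "root".
        # Individual files such as /src/sao.js stay readable, which the
        # client needs in order to work.
    }

    # Refuse hidden files (.hg, .git, editor backups) if any were copied
    # into the sao folder along with the client.
    location ~ /\. {
        deny all;
    }
}
```

With trytond listening only on the loopback address, its built-in file server is reachable solely through this proxy, so the directory listing it produces is no longer exposed to browsers.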