Documentation

Security

The MoxieManager requires you to be authorized using a authenticator. There are a few bundled authentications but you can also write your own if you have custom needs.

Client-side settings

Any settings setup client side, either when using MoxieManager standalone (moxman.browse()) or with TinyMCE moxiemanager_ settings always asume everything is insecure.

Client side settings and javascript is run on the client and is therefor not to be trusted. Be careful when using client side configuration options such as rootpath, make sure your backend (config.php, Web.config) rootpath setting is where you place your security.

Other settings

There are other potential settings that can cause security issues, such as allowing users to upload executable files (PHP, ASPX etc). If you do not have the knowledge yourself to understand the dangers, please consult a professional developer to help you wih your configuration.

SessionAuthenticator

This authenticator will look for a specific session key and check if it's value equals true. This enables you to set this session variable in your systems login page.

BasicAuthenticator

This authenticator will display a login dialog for the user and match the username/password against the configured users. This is normally used when the MoxieManager is used in standalone mode.

IpAuthenticator

This authenticator will verify that the user has access by checking if their IP number matches a list of valid ones or is within a range of ip numbers.

ExternalAuthenticator

This authenticator will take all session cookies and pass them on to a backend page. That page will then verify that the user is logged in properly. This is useful when the MoxieManager is to be integrated with other languages like classical asp or jsp.

AspNetAuthenticator

This uses the build in authentication method in .NET and is only available in the .NET version.

3rd Party Libraries (PHP)

For CodeIgniter, we recommend using Native-sessions and the SessionAuthenticator for integration.

For Symfony, we recommend using the SymfonyAuthenticator that comes with the package.

For CakePHP, we recommend using the CakeAuthenticator that comes with the package.

For CodeIgniter, we recommend using the CodeIgniterAuthenticator that comes with the package.

For Wordpress, follow these instructions.

For Zend 2, we recommend using the ZendAuthenticator plugin.