| Table of Contents |
|---|
We are working on a special sprint enhancing security The following security enhancements were added to prevent software vulnerabilities in all the OMK Applications.
...
- opCharts 4.2.5
- opConfig 4.2.4
- opEvents 4.0.2
- opHA 3.3.1
- opReports 4.2.2
Randomize Secrets
New setup A new tool to randomize the secrets from the command line. This tool will randomize omkd_secrets tokens in OMK and also, NMIS auth_web_key when it matches some of the OMK tokens (Usually set to configure . The omkd_secrets token is used for Single-Sign-On, see SSO for Opmantek Applications).
This tool is also called by the installer and fixed CVE-2021-38551.
...
/usr/local/omk/bin/opcommon-cli.exe act=secrets_randomise [force=true] [length=N]
Where:
force=truewill change the token even if this is not the default (Like =~ change_me)length=Nwill force the token length to N (32 by default)
...
| Cookie | Support | Behaviour |
|---|---|---|
| HttpOnly |  By default | The cookies are not going to be accesible accessible from the JavaScript API. |
| secure | Should be enabled by setting the configuration item "auth_secure_cookie" => "true" in opCommon.json. | This cookie could be sent just in a request ciphered over https protocol. That's the reason why it is not set by default. |
SameSite set to Strict |
| The cookie set to strict means that the browser only sends the cookie if the request was made in the website that originally established the cookie. |
...
Content Security Policy
The Security Content Policy often referred to as Content Security Policy , is a HTTP response header that helps you restrict which resources (JavaScript, CSS, Images, etc.) are loaded from the allowed sites. This helps to mitigate some attacks of Cross Site Scripting (XSS) and data injection.
...