Details
-
Enhancement
-
Status: Resolved (View Workflow)
-
Trivial
-
Resolution: Fixed
-
Meridian-2021.1.11, 29.0.6, Meridian-2022.1.0
-
None
-
Security Level: Default (Default Security Scheme)
-
Docs - Feb 7 - March 4
-
Yes
-
Medium High
-
DB
-
-
0.5
Description
Update Meridian and Horizon docs with a warning about exposing the Web UI Console and Login page to the Open Internet. Something like:
OpenNMS Horizon and Meridian were designed to run within an organization's protected intranet. The web console and login pages must not be directly exposed to the Internet without appropriate isolation controls (e.g., a VPN with multi-factor authentication).
OpenNMS also provides other cloud-based products which are designed for use from the Internet, which have appropriate controls for use across the Internet.
(I'm not sure if we need the second paragraph.)