Author Archives: TimL

List of most to least secure ways of connecting to the Noodle service:

  1. On a network not (even indirectly) connected to the internet.
    • online features will necessarily not work;
      • email
      • upgrade button
      • unsplash
      • auto ssh
      • etc
  2. On a network only indirectly connected to the internet.
  3. On a public network with a firewall or NAT port forwarding blocking all but one port.
  4. On a public network.

Public network security options:

  • HTTPS
  • DNS CAA records
  • HTTP headers (content-security-policy, strict-transport-security, etc)
  • Whitelist
  • Auto blacklisting enabled.
  • "Session Security Level" to 4 (prevent session hijacking).
  • IWA or 2 factor authentication.
  • "Minimum password length" to 8 (make password guessing harder).
  • Encrypted VPN or SSH tunnel.
  • Anonymity networks like Tor can be used, optionally with SSL or SSH (in practice this will prevent anyone, including governments, from knowing what server a user is talking to).

    • Instead of downgrading we encourage you to report issues and then upgrade to a fixed version.
    • A new unwanted feature can often be made optional by adding a setting to disable it.
    • To test customizations against a new version we recommend cloning the VM or DB to a test instance to try the upgrade out before applying it to the production version.
    • If only the last number of the version has changed, downgrade by replacing its lib directory with the old version.
    • If the second number in the version changes, reverting the database structure will require a custom build.

Steps to make IE behave more like Chrome or Firefox:

Upgrade to version 11 (or 8 if on XP)
Reset IE:
  1. Tools>Internet options>Advanced>Reset>check "Delete personal settings">Reset
  2. Close IE (all windows)
Make IE usable on Windows Server:
  1. Tools>Internet options>Advanced>uncheck "Automatically recover from page errors with Compatibility View"
  2. Tools>Internet options>Security>select Trusted sites>set to Low>Sites>remove all the current sites and add the Noodle URL.
  3. Tools>Internet options>Security>select Trusted sites>set to Low>Custom level>scroll all the way down and disable "XSS filter"
  4. Tools>Compatibility View settings>remove and uncheck all.

For mailto:

  1. Make sure you are on your Google Mail page.
  2. Copy/paste this into the address bar:
    • javascript:navigator.registerProtocolHandler("mailto","https://mail.google.com/mail/?extsrc=mailto&url=%s","Gmail")
  3. Add the javascript: to the front again if it got automatically trimmed. Then hit enter.

For webcal:

  1. Make sure you are on your Google Calendar page.
  2. Copy/paste this into the address bar:
    • javascript:navigator.registerProtocolHandler("webcal","https://www.google.com/calendar/render?cid=%s","Google Calendar")
  3. Add the javascript: to the front again if it got automatically trimmed. Then hit enter.
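
Why step 1 matters in both procedures, as an added example that is not part of the original post: a browser accepts a registerProtocolHandler() call only if the handler URL contains %s, is served over HTTPS, and has the same origin as the page making the call. The function names and page URLs below are constructed for illustration, the scheme list is limited to the two schemes used here, and the HTTPS test simplifies the specification's "potentially trustworthy origin" rule.

```javascript
// Added example (not from the original post).
// Schemes used on this page; the real safelist is longer.
const SAFELISTED = new Set(["mailto", "webcal"]);

// Returns a list of problems; an empty list means the call would be accepted.
function checkRegistration(scheme, template, pageUrl) {
  const problems = [];
  const s = scheme.toLowerCase();
  if (!SAFELISTED.has(s) && !/^web\+[a-z]+$/.test(s)) {
    problems.push("scheme not safelisted");
  }
  if (!template.includes("%s")) problems.push("template has no %s placeholder");
  let handler;
  try {
    handler = new URL(template, pageUrl); // relative templates resolve against the page
  } catch (e) {
    problems.push("template is not a valid URL");
    return problems;
  }
  if (handler.protocol !== "https:") problems.push("handler is not HTTPS");
  if (handler.origin !== new URL(pageUrl).origin) {
    problems.push("handler origin differs from registering page");
  }
  return problems;
}

// Builds the URL the browser opens when a mailto:/webcal: link is clicked.
// The clicked URL is percent-encoded as a single component, so characters
// such as "&" or "?" inside it cannot add parameters to the handler URL.
function expandHandler(template, clickedUrl) {
  const i = template.indexOf("%s");
  if (i < 0) throw new Error("template has no %s placeholder");
  return template.slice(0, i) + encodeURIComponent(clickedUrl) + template.slice(i + 2);
}

// Template from the page; the page URLs are constructed stand-ins.
const GMAIL = "https://mail.google.com/mail/?extsrc=mailto&url=%s";
console.log(checkRegistration("mailto", GMAIL, "https://mail.google.com/mail/"));
console.log(checkRegistration("mailto", GMAIL, "https://www.google.com/"));
console.log(expandHandler(GMAIL, "mailto:user@example.com?subject=Hi there"));
```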

 

Noodle SSO can be set up with IWA directly, or via SAML.

For non-managed users there is also an option to store the password in the web browser:

  1. Add a web shortcut to the user's startup.
  2. Options:
    • Enable the "Noodle > System Tools > Settings > User Settings > Remember my login information" feature
      • http[s]://YOUR.DOMAIN.TLD[:PORT]/[IntraNet.po|Noodle.po]
      • This option will ask for a password if the user ever clicks logout.
      • A link can be downloaded from the profile page.

This page is for those who host on their own Windows server and are trying to diagnose the cause of a 404.

  1. If your browser on the server is displaying the page (http://127.0.0.1) properly, it's a networking problem:
    • check port forwarding, routing, firewalls, and DNS on the server, client, and every device in between.
  2. If your browser on the server is displaying the wrong page or anything other than a timeout, it's a service conflict (the logs contain "Address already in use"):
    • Use a different port or stop and disable other services using port 80.
      • Windows - built in:
        • sc config http start= disabled
        • net stop http /y
      • Linux - list what is using the port:
        • netstat -lnp | grep ":80"
  3. If /logs/err.log says it can't find a class:
    • use 7z to check the build is not corrupted.
  4. If there is no noodle.log it's a .bat or Java problem:
    • run the intranet.bat one line at a time to isolate the problem.
    • reinstall Java and update intranet.bat to the new java.exe.
  5. If there is no java.exe in the task manager it's a config problem:
    • look in the log file for errors.
    • run a copy of intranet.bat without the loop or exit to find errors not in the log.

If users experience a "Session closed" message there are 2 possibilities:

  1. The user accessed Noodle with more than one IP address.
    • change the setting "System Tools>Settings>General Settings>Session Security Level (IP address matching)" to "0". ("4" being the maximum).
  2. The user accessed Noodle with more than one cookie (or browser/OS)
    • solution: logout on one browser before using another.

There are prehtml, posthtml, prejs and postjs JavaScript events on select pages.
The prejs and postjs events are for the running of the JS, not for the loading of scripts by the browser.
There can be multiple postjs events, as it's triggered after any ajax that adds to the page.
Nothing other than custom scripts listen for these events.

Usage example:

function my_method(){alert("hello world");}
top.noodle.cbc.addEventListener(top.document.getElementById('main'), 'postjs', my_method);

or if you are using IE:

function my_method(e){if(e.noodle=="postjs"){alert("hello world");}}
top.noodle.cbc.addEventListener(top.document.getElementById('main'), 'propertychange', my_method);
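
Because postjs can fire several times on one page, a custom script should be safe to run repeatedly. The following added example (not part of the original post) remembers which elements it has already handled, so each later postjs only touches what ajax added since the last run. It uses the non-IE registration shown above; processNew, the selector and the decorate callback are hypothetical names chosen for illustration.

```javascript
// Added example (not from the original post).
// Elements already handled; a WeakSet lets removed elements be garbage-collected.
const handled = new WeakSet();

// Applies decorate(el) once per matching element under root.
// Returns how many elements were newly processed on this call.
function processNew(root, selector, decorate) {
  let count = 0;
  for (const el of root.querySelectorAll(selector)) {
    if (handled.has(el)) continue; // seen on an earlier postjs
    handled.add(el);
    decorate(el);
    count++;
  }
  return count;
}

// Registration on a Noodle page, following the usage example above.
// Skipped when the script is run outside a browser.
if (typeof top !== "undefined" && top.noodle) {
  const main = top.document.getElementById("main");
  top.noodle.cbc.addEventListener(main, "postjs", function () {
    // Hypothetical customization: label every mailto link exactly once.
    processNew(main, "a[href^='mailto:']", function (a) {
      a.title = "Opens your mail client";
    });
  });
}
```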