How to prevent or restrict the usage of the ?.do back door to the backend

AnttiP
Tera Contributor

Does anyone know how we could either prevent or at least restrict the usage of "?.do" back door to backend?

As you well know, many customers want to restrict the end users (= roleless users) from going to the backend. While there are some OOTB ways to automatically redirect (roleless) users from the backend (nav_to.do) to the portal, they do not get triggered when ?.do is used. Nor have I found a way to prevent the usage of this method for named or even all users. Any thoughts on this?

What I have tried is: I created a UI page with the name '?' and tried creating various ACL rules for it. No effect.

I also created a Support ticket for this.

11 REPLIES

Logan Poynter
Mega Sage

Hello AnttiP,

You could probably use a UI Script to check the current page using window.location and redirect to the portal if it contains ?.do, but you can also purely just redirect if they don't have a minimum role like itil, using the solution in: https://community.servicenow.com/community?id=community_question&sys_id=4972e50edbfceb848e7c2926ca96...


Please mark my answer as correct/helpful if it has helped you.

Thanks,
Logan
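
A sketch of the check described in the reply above, as an added example that is not code from this thread or from ServiceNow: it flags backend `.do` requests, including `?.do`, where the URL parser reports the path as `/` and `.do` only appears in the query string. `PORTAL_PATH`, the function names and the sample URLs are assumptions; a client-side redirect steers users but is not an access control.

```javascript
// Added example. PORTAL_PATH and both function names are assumptions,
// not ServiceNow APIs; the URLs in the comments are constructed samples.
const PORTAL_PATH = '/sp';

// Percent-decode without throwing on malformed sequences such as "%zz".
function safeDecode(s) {
  try {
    return decodeURIComponent(s);
  } catch (e) {
    return s;
  }
}

// True when the URL requests a backend (.do) page.
function isBackendRequest(href) {
  const url = new URL(href);

  // Ordinary case: /nav_to.do, /incident_list.do, or an encoded "/%3F.do".
  if (safeDecode(url.pathname).toLowerCase().endsWith('.do')) {
    return true;
  }

  // "?.do" case: the parser yields pathname "/" and search "?.do", so a
  // check that only looks at the path never sees the ".do" suffix.
  // Inspect the first query key instead.
  const firstKey = url.search.slice(1).split('&')[0].split('=')[0];
  return safeDecode(firstKey).toLowerCase().endsWith('.do');
}

// Returns the portal URL a roleless user should be sent to, or null when
// no redirect applies. `roles` is the list of role names the user holds.
function redirectTarget(href, roles) {
  if (roles.length > 0) return null;          // any role: backend allowed
  if (!isBackendRequest(href)) return null;   // already on a portal page
  return new URL(PORTAL_PATH, href).href;     // same origin, portal path
}

// Browser-side use would look like this (assumption about the wiring):
//   const target = redirectTarget(window.location.href, rolesOfUser);
//   if (target) window.location.replace(target);
```
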

Hi Logan,

Thanks for the tip. Unfortunately I was not able to get the UI script marked as the solution in another thread to work in my San Diego PDI. Sooo, we're still at square one with this.

BR,
AnttiP.

Pranesh072
Mega Sage

Restricting local login

As a security precaution, you should do more than rely on redirection properties to prohibit logging in locally. If a user should never log in locally and will always be authenticated by your internal single sign-on system, then a random password should be assigned to each user that is imported into the instance. The random password is most easily set at the time of the user import. If the user data is imported into your system through an import set, you can create an onBefore transform script using the following code.

// Note: java.util.Random is not a cryptographically secure generator.
var r = new Packages.java.util.Random();

// Render two random longs in base 36 (digits 0-9 and letters a-z).
var str1 = Packages.java.lang.Long.toString(Packages.java.lang.Math.abs(r.nextLong()), 36);
var str2 = Packages.java.lang.Long.toString(Packages.java.lang.Math.abs(r.nextLong()), 36);

// Concatenate both parts into the password.
var newPass = str1 + str2;

// Assign the password to the user record being imported.
target.user_password = newPass;

//password now set to a random string like this:
//qvm81zdrn7cwwylpvw94eebk

https://docs.servicenow.com/bundle/sandiego-platform-administration/page/integrate/single-sign-on/re...

Hi Pranesh,

Your reply has nothing to do with my original question.

BR,
AnttiP.