Now that I have the new 6.1 webclient working, I'm trying to lock it down to the same level as I've had 6.0.3 locked down.
With 6.0.x, I was able to lock it down so that the only the local host was allowed to connect to the netrpc service. The web client running on the server. Using an apache ssl proxy I was able only allow https access to the web client.
The unsecured xmlrpc service was disabled.
Access from outside the server eg GTK client (or OpenOffice plugin) could only connect using xmlrpcs.
I can't replicate this setup with 6.1.
With the new web client, are there other changes to the way the server accepts client connections? Changes to the configuration options? .. .. that are documented? ;)
; 6.0.3 version
; db_* removed for this example
netrpc = True
netrpc_interface = 127.0.0.1
netrpc_port = 8070
xmlrpc = False
xmlrpcs_port = 8071
secure = True
secure_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
secure_pkey_file = /etc/ssl/private/ssl-cert-snakeoil.key