Content

Page tree

D-SERIES

Web User Interface 

V8: Advanced - QoS/Security (Tab) - Security(Section)__Use hidden security tags

Phone User Interface 

N/A

Firmware 

7.1.33

XML Configuration

<use_hidden_tags perm="PERMISSIONFLAGS">VALIDVALUE</use_hidden_tags>

Description

You can protect the phone's web interface with hidden security tags against remote attackers trying to change phone settings with faked HTTP POST requests (XSRF attack).

To enable this feature, turn this setting on AND change the HTTP User , HTTP Password and Administrator Password from their default values.
If these settings are set to their default values, the phone's Web interface will display the /security.htm page to prompt the user to change the values.

A disadvantage of enabling hidden-tags might be that the Remote Phone Control feature (via i.e. "command.htm"), which is using the same web server on the phone, is disabled.

See also restrict_uri_queries.

Valid Values

<on>, <off>

Default Value

off

NOTE: This feature works only if you have changed HTTP User and HTTP Password as well as the Administrator Password from the default value!