HELIOS WebShare User manual


8 Security considerations
8.1 Security considerations
8.1.1 WebShare WebObjects Server
HELIOS WebShare's security is provided by a two-tier server application. The WebShare WebObjects server handles the Web user interface on a separate server to ensure that the main file server is not available on the Internet. In addition, SSL encryption is supported.
Port
Incoming HTTP port is 2009.
JavaScript
During the login process, the password is sent in encrypted form (MD-5), as long as JavaScript is activated in the browser. When JavaScript is active, the browser displays the word Crypted in a small window adjacent to the Password field (Fig. 5). When it is not active, the word displayed is Cleartext and the password is sent to the WebShare Server without any encryption.
8.1.2 WebShare File Server
The server file system security is enforced according to the user credentials. Sharepoint-based security allows further restrictions per user, e.g. browse, preview, download, upload and file management.
Ports
Ports 2010-2015
8.1.3 Server setup
We highly recommend using a two-tier server setup, which comprises a dedicated WebShare WebObjects Server with two network adapters as illustrated in 3.1 "Different setups". The benefit of this setup is:
8.1.4 Firewalls
We highly recommend securing all TCP/IP ports of the WebShare WebObjects Server and allowing only incoming HTTP connections on port 2009 (WebShare HTTP default). This can be done via a hardware firewall on an Internet router, or via a software firewall on the WebShare WebObjects Server.
8.1.5 Access from the WebShare WebObjects Server to the WebShare File Server
The WebShare WebObjects Server preference WSAllowedHostNames (6.5 "Preference keys") limits the WebShare WebObjects Server's access to a given list of WebShare File Servers. We recommend specifying the hosts that the WebShare WebObjects Server is allowed to contact, so that an unauthorized person cannot route HTTP traffic via your WebShare WebObjects Server to their own WebShare File Server. Though this is not a security problem, there should be no reason to allow others to use your WebShare WebObjects Server.
8.1.6 Symbolic links within sharepoints
By default, WebShare hides all symbolic link files for security reasons. Irrespective of this, a directory may include a symbolic link to files outside of a sharepoint. When a user duplicates this directory, all symbolic links are resolved and the files they reference are copied into the duplicated directory. Therefore, the files in the duplicate are no longer symbolic links and can be accessed.
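One way to find such links before a user can duplicate them is to walk the sharepoint and report every symbolic link whose target resolves outside it. This is an added example, not HELIOS code; the helper name `escaping_links` and the directory tree are constructed for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Find;
use File::Temp qw(tempdir);

# Return [link, resolved target] for each symbolic link below $root whose
# target lies outside $root (target is undef if it cannot be resolved).
sub escaping_links {
    my ($root) = @_;
    my $real_root = realpath($root);
    die "cannot resolve $root\n" unless defined $real_root;
    my @hits;
    find({ no_chdir => 1, wanted => sub {
        my $path = $File::Find::name;
        return unless -l $path;               # lstat test: links only
        my $target = realpath($path);
        my $inside = defined $target
            && ($target eq $real_root || index($target, "$real_root/") == 0);
        push @hits, [$path, $target] unless $inside;
    } }, $real_root);
    return @hits;
}

# Constructed demo tree (hypothetical names) in a temporary directory:
# inside.lnk stays within the sharepoint, outside.lnk leaves it.
my $base  = tempdir(CLEANUP => 1);
my $share = "$base/sharepoint";
mkdir $_ or die "mkdir $_: $!" for $share, "$share/job", "$base/private";
for my $file ("$share/job/layout.txt", "$base/private/secret.txt") {
    open my $fh, '>', $file or die "$file: $!";
    close $fh;
}
symlink "$share/job/layout.txt",    "$share/job/inside.lnk"  or die $!;
symlink "$base/private/secret.txt", "$share/job/outside.lnk" or die $!;

# Report each link that leaves the sharepoint.
for my $hit (escaping_links($share)) {
    my ($link, $target) = @$hit;
    printf "%s -> %s\n", $link, defined $target ? $target : '(unresolved)';
}
```

File::Find does not follow symbolic links by default, so a linked directory is reported as a link and not descended into.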
8.1.7 Action scripts
WebShare can execute custom scripts which are stored in the "HELIOSDIR/var/webshare/actions" directory. All sample actions were developed as "Perl" scripts. "shell" or other programs are allowed, but we recommend "Perl" to ensure server cross-platform compatibility and to avoid quoting problems with special characters in file names/arguments. Please note that action scripts running with the host user ID (or equivalent permissions) can access data outside a sharepoint. For security reasons, you may want to limit the action script availability to individual users by limiting the access permissions of action scripts (e.g. access for user only, access for group only). Action scripts calling UNIX programs (via system, pipe open, shell, etc.) can be dangerous if the file names contain special characters (e.g. < or > or `). Consult a UNIX and "Perl" scripting specialist to verify custom scripts.
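The quoting problem described above, and a way to avoid it, as an added example that is not one of the HELIOS sample actions. The helper `run_on_file` is hypothetical, `wc` stands in for whatever UNIX program an action script calls, and the file name is constructed; how WebShare passes file names to an action script is not shown here.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Weak form, shown for contrast only: a single string is handed to /bin/sh,
# which treats < > ` in the file name as redirection and command substitution.
#   my @out = `wc -c $file`;
#   system("wc -c $file");

# Hardened form: list-form pipe open passes every argument to the program
# unchanged, so no shell ever parses the file name.
sub run_on_file {
    my ($file, $program, @options) = @_;
    # "--" ends option parsing, so a name starting with "-" stays a file name.
    open(my $out, '-|', $program, @options, '--', $file)
        or die "cannot start $program: $!\n";
    my @lines = <$out>;
    close $out or die "$program failed (status $?)\n";
    return @lines;
}

# Constructed file name containing the characters the manual warns about.
my $dir  = tempdir(CLEANUP => 1);
my $file = "$dir/proof <v2> `final`.txt";
open my $fh, '>', $file or die "$file: $!";
print {$fh} "sample\n";
close $fh or die "$file: $!";

# The byte count is reported for the file itself; nothing is redirected
# and no command substitution takes place.
print run_on_file($file, 'wc', '-c');
```

The same rule applies to `system`: call it with a list (`system('wc', '-c', '--', $file)`), never with one interpolated string.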
8.1.8 Allow all Read or Read/Write access in sharepoints
The optional preferences AllRead and AllReadWrite, which bypass host permissions, should not be used unless you are aware that access to files is then no longer protected by the host OS. By default, these two preferences are turned off and can only be turned on via a special WebShare File Preference.
8.1.9 "wsaddshare" and "wslogin" scripts
The optional "wsaddshare" script allows limiting the sharepoint administration to a few specific path names (e.g. only "/data" and "/webshare" are allowed). Set up a list of allowed path names via "wsaddshare" to ensure that the WebShare Administrator cannot publish the entire server.
The "wslogin" script allows additional auditing of user logins, e.g. verifying the remote address or limiting the login to specific hours/days.
8.1.10 No content security
By default, WebShare uses crypted passwords. Nobody can spy on these passwords because WebShare uses a random number which is different for each HTTP login. However, the complete content, e.g. directory listings, image previews and uploads/downloads, is sent over the Internet without encryption in a default installation. Internet providers, local users, etc. can use network monitoring tools to spy on your activities. Complete encryption via HTTPS can be enabled by setting up an Apache Web Server with HTTPS support, used with the Apple WebObjects adapter. Consult the Apple WebObjects documentation for details.


© 2004 HELIOS Software GmbH