Hi Nel, I answered inline ...
On 14 April 2010 11:12, Nel Taurisson <[email protected]> wrote:

> Hi,
>
> I'm very surprised that it's not an issue for you. I'm very frightened
> because, any way I look at the problem, all I can see is a grave
> security risk.
>
> 1) "In most of the cases, the Nuxeo Server is behind a firewall and a
> reverse proxy": so this is not a choice, this is mandatory. If it is
> not installed this way, we have a huge security hole.

I am not aware of anyone setting up a production server without configuring a reverse proxy and firewall. This is not specific to Nuxeo; this is part of the standard security rules for all web applications.

Furthermore, the default Nuxeo/JBoss config is to bind listening ports on local IPs only.
=> This is an explicit configuration choice to make the listening ports open to all IPs.

> But still, if someone gets access to the server, he can still execute
> malicious code and can break the repo.

True. I usually consider that if someone "bad" can log on the server at OS level, then you are lost. You can slow him down, but you cannot prevent him from breaking the server.

> 2) "either RMI access is limited to a sub LAN or RMI access goes
> through a VPN": the security hole remains, everybody on your LAN can
> execute system code on your repository. If you open the RMI access,
> your security policy is uniquely based on the trust you have in your
> users.
> So, in my opinion, as is:
> - there is no way to secure a Nuxeo installation,
> - the RMI access is useless, as potentially dangerous.
>
> Can you give a hint on how to get the RMI connection to require a
> user/password auth? It must not be very complicated, as a
> login/password can be used. So the point is just to implement a way of
> making it mandatory.

You can configure that at JBoss level as Alex suggested.
What we could do in Nuxeo is add a config parameter to disable system login from a remote host.
=> Would that be ok for you?

> Thanks a lot.
>
> Nel
>
> 2010/3/26 Thierry Delprat <[email protected]>:
> > Hi Nel,
> >
> > In most of the cases, the Nuxeo Server is behind a firewall and a reverse
> > proxy, so this is not an issue.
> > For projects using RMI access:
> > - either RMI access is limited to a sub LAN (typically Server to Server
> > communication)
> > - or RMI access goes through a VPN (Client to Server communication, because
> > RMI is not NATable)
> > So if neither of the solutions is applicable for you, you will have to tweak
> > the LoginModule to add a shared secret check.
> > We'll be glad to help you on that, but until then we never had the requirement.
> >
> > Tiry
> >
> > On 26 March 2010 17:54, Nel Taurisson <[email protected]> wrote:
> >> Ok, thanks.
> >>
> >> But then how can we secure the repository from malicious code while
> >> still giving remote access to a Nuxeo client app we wrote?
> >>
> >> Thanks a lot.
> >>
> >> Nel
> >>
> >> 2010/3/25 Florent Guillaume <[email protected]>:
> >> > Did you actually get an answer?
> >> > The short one is that no, it's not possible: Nuxeo Shell uses JBoss
> >> > Remoting, which is designed as an equivalent to RMI and provides
> >> > roughly full JVM access. So even if the shell superficially required
> >> > credentials, underlying this the protocol would still be open to
> >> > someone that compiled his own shell.
> >> >
> >> > Florent
> >> >
> >> > On Mon, Mar 22, 2010 at 5:35 PM, Nel Taurisson <[email protected]> wrote:
> >> >> Sorry, hit the button too fast.
> >> >>
> >> >> Thanks a lot for your answers.
> >> >> Regards
> >> >>
> >> >> Nel
> >> >>
> >> >> 2010/3/22 Nel Taurisson <[email protected]>:
> >> >>> Hi,
> >> >>>
> >> >>> It seems to me that it is possible to connect to a remote Nuxeo repo
> >> >>> without any credential and have full read / write access to the repo.
> >> >>>
> >> >>> Maybe I'm missing a configuration property or something, but I'm
> >> >>> afraid I can execute the following code on either Nuxeo 5.2 or 5.3:
> >> >>>
> >> >>> // Start a local Nuxeo client runtime, deploying the bundles listed
> >> >>> // in the "nuxeo.bundles" system property (colon-separated) if any.
> >> >>> Collection<File> files = null;
> >> >>> String bundles = System.getProperty("nuxeo.bundles");
> >> >>> if (bundles != null) {
> >> >>>     files = NuxeoApp.getBundleFiles(new File("."), bundles, ":");
> >> >>> }
> >> >>>
> >> >>> NuxeoApp app = new NuxeoApp();
> >> >>> app.start();
> >> >>>
> >> >>> if (files != null) {
> >> >>>     app.deployBundles(files);
> >> >>> }
> >> >>>
> >> >>> // Connect to the remote server: no credentials are supplied at any point.
> >> >>> NuxeoClient client = NuxeoClient.getInstance();
> >> >>> client.tryConnect("localhost", 62474);
> >> >>>
> >> >>> RepositoryInstance repo = client.openRepository();
> >> >>> CoreSession documentManager = repo.getSession();
> >> >>>
> >> >>> // The session has full write access to the repository.
> >> >>> DocumentModel doc = documentManager.getDocument(new PathRef("/default-domain"));
> >> >>> doc.setPropertyValue("dc:description", "I could have killed your repo");
> >> >>> doc = documentManager.saveDocument(doc);
> >> >>> documentManager.save();
> >> >>>
> >> >>> System.out.println(documentManager.getDocument(new PathRef("/default-domain"))
> >> >>>         .getPropertyValue("dc:description"));
> >> >>>
> >> >>> repo.close();
> >> >>
> >> >
> >> > --
> >> > Florent Guillaume, Director of R&D, Nuxeo
> >> > Open Source, Java EE based, Enterprise Content Management (ECM)
> >> > http://www.nuxeo.com http://www.nuxeo.org +33 1 40 33 79 87
> >>
> >> _______________________________________________
> >> ECM mailing list
> >> [email protected]
> >> http://lists.nuxeo.com/mailman/listinfo/ecm
> >> To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
>
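The two mitigations Thierry proposes in this thread, a shared secret checked in the LoginModule and a switch that refuses the "system" login from remote hosts, are shown below as the policy such a module would apply. This is an added example, not Nuxeo's or JBoss's code; the class, the `system` user name, the two config values and the sample addresses are assumptions.

```java
import java.net.InetAddress;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Hypothetical policy (not Nuxeo's code) that a LoginModule would apply before granting
// a remote login: every caller must present a shared secret, and the privileged "system"
// login is refused from any host other than the server itself unless explicitly allowed.
public class RemoteSystemLoginPolicy {
    static final String SYSTEM_USER = "system";   // assumed name of the trusted login

    private final byte[] sharedSecret;            // assumed config value (name is hypothetical)
    private final boolean allowRemoteSystemLogin; // assumed config value, default false

    RemoteSystemLoginPolicy(String sharedSecret, boolean allowRemoteSystemLogin) {
        this.sharedSecret = sharedSecret.getBytes(StandardCharsets.UTF_8);
        this.allowRemoteSystemLogin = allowRemoteSystemLogin;
    }

    // Second suggestion: "system" only from the server's own host unless switched on.
    boolean systemLoginAllowed(String user, InetAddress client) {
        if (!SYSTEM_USER.equals(user) || allowRemoteSystemLogin) return true;
        return client != null && client.isLoopbackAddress();
    }

    // First suggestion: a shared secret, compared in constant time so that
    // String.equals() cannot leak the position of the first mismatching byte.
    boolean secretMatches(char[] provided) {
        if (provided == null) return false;
        byte[] given = new String(provided).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(sharedSecret, given);
    }

    // Both checks together; the address check runs first so callers that are
    // refused by origin never get as far as the secret comparison.
    boolean authenticate(String user, char[] secret, InetAddress client) {
        return systemLoginAllowed(user, client) && secretMatches(secret);
    }

    public static void main(String[] args) throws Exception {
        RemoteSystemLoginPolicy policy = new RemoteSystemLoginPolicy("constructed-secret", false);
        InetAddress local = InetAddress.getLoopbackAddress();
        InetAddress lan = InetAddress.getByName("192.0.2.10"); // constructed, documentation range
        char[] ok = "constructed-secret".toCharArray(), bad = "guess".toCharArray();
        System.out.println(policy.authenticate("system", ok, local)); // system login from the server host
        System.out.println(policy.authenticate("system", ok, lan));   // system login from a LAN host
        System.out.println(policy.authenticate("nel", ok, lan));      // ordinary user with the right secret
        System.out.println(policy.authenticate("nel", bad, lan));     // ordinary user with a wrong secret
    }
}
```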
_______________________________________________
ECM mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm
To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
