Hi again, Thanks for your answer.
> Furthermore, the default Nuxeo/JBoss config is to bind listening port on > local IPs only. > => This is a explicit configuration choice to make the listening ports open > to all IPs Listening only on local port is ok when accessing only to the webapp as apache (or another) handles it. But our problem is to give access to the repo from another class of client, not a webapp client but somethong else (specifically where working on ftp access to the repo). Whats the "clean way" to do it for you if you cannot require a login ? > You can configure that at Jboss level as Alex suggested. I think I've missed Alex suggestion, what was it ? > What we could do in Nuxeo, is add a config parameter to disable system login > from a remote host. > => would that be ok for you ? That would be nice yes. Thanks again. Nel 2010/4/14 Thierry Delprat <[email protected]>: > Hi Nel, > I answered inline ... > On 14 April 2010 11:12, Nel Taurisson <[email protected]> wrote: >> >> Hi, >> >> I'm very surprised that its not an issue for you. I'm very frightened >> because, anyway I look to the problem, all I can see is a grave >> security risk. >> >> 1) "In most of the cases, the Nuxeo Server is behind a firewall and a >> reverse proxy" : so this is not a choice, this is mandatory. If it is >> not installed this way, we have a huge security hole. > > I am not aware of anyone setting up a production serveur not configuring > reverse proxy and firewall. > This is not specific to Nuxeo, this is part of the standard security rules > for all web applications. > Furthermore, the default Nuxeo/JBoss config is to bind listening port on > local IPs only. > => This is a explicit configuration choice to make the listening ports open > to all IPs >> >> But still, if someone gets access to the server, he can still execute >> malicious code and can breaks the repo. > > True. > I usually consider that if someone "bad" can log on the server at OS level > : then you are lost. > You can slow it down, but you can not prevent him from breaking the server. > >> >> 2) "either RMI access are limited to a sub LAN or RMI access go >> through a VPN" : the security hole remains, everybody on your lan can >> execute system code on your repository. If you open the RMI acces, >> your security policy is uniquely based on the trust you have on your >> users >> >> So, in my opinion, as is : >> - there is no way to secure a nuxeo installation, >> - the RMI access is useless as potentially dangerous >> >> Can you give an hint on how to get the rmi connection require a >> user/password auth. It must not be very complicated as a >> login/password can be used. So the point is just to implement a way of >> making it mandatory. > > > You can configure that at Jboss level as Alex suggested. > What we could do in Nuxeo, is add a config parameter to disable system login > from a remote host. > => would that be ok for you ? > >> >> Thanks a lot. >> >> Nel >> >> >> >> >> >> >> 2010/3/26 Thierry Delprat <[email protected]>: >> > Hi Nel, >> > In most of the cases, the Nuxeo Server is behind a firewall and a >> > reverse >> > proxy, so this is not an issue. >> > For projets using RMI access : >> > - either RMI access are limited to a sub LAN (typically Server to >> > Server >> > communication) >> > - or RMI access go through a VPN (Client to Server communication, >> > because >> > RMI is not NATable) >> > So if neither of the solution is applicable for you, you will have to >> > tweak >> > the LoginModule to add a Shared secret check. >> > We'll be glad to help you on that, but until then never had the >> > requirement. >> > Tiry >> > On 26 March 2010 17:54, Nel Taurisson <[email protected]> wrote: >> >> >> >> Ok, thanks. >> >> >> >> But then how can we secure the repository from malicious code but >> >> still giving a remote access to a nuxeo client app we wrote ? >> >> >> >> Thanks a lot. >> >> >> >> Nel >> >> >> >> 2010/3/25 Florent Guillaume <[email protected]>: >> >> > Did you actually get an answer? >> >> > The short one is that no, it's not possible: Nuxeo Shell uses JBoss >> >> > Remoting, which is designed as an equivalent to RMI and provides >> >> > roughly full JVM access. So even if the shell superficially required >> >> > credentials, underlying this the protocol would still be open to >> >> > someone that compiled his own shell. >> >> > >> >> > Florent >> >> > >> >> > On Mon, Mar 22, 2010 at 5:35 PM, Nel Taurisson >> >> > <[email protected]> >> >> > wrote: >> >> >> Sorry, hit the button to fast. >> >> >> >> >> >> Thanks a lot for your answers. >> >> >> Regards >> >> >> >> >> >> Nel >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> 2010/3/22 Nel Taurisson <[email protected]>: >> >> >>> Hi, >> >> >>> >> >> >>> It seems to me that it is possible to connect to a remote nuxeo >> >> >>> repo >> >> >>> without any credential and have full read / write access to the >> >> >>> repo. >> >> >>> >> >> >>> Maybe I'm missing a configuration property or something, but I'm >> >> >>> affraid I can execute the following code either on nuxeo 5.2 or 5.3 >> >> >>> : >> >> >>> >> >> >>> Collection<File> files = null; >> >> >>> String bundles = System.getProperty("nuxeo.bundles"); >> >> >>> if (bundles != null) { >> >> >>> files = NuxeoApp.getBundleFiles(new File("."), bundles, >> >> >>> ":"); >> >> >>> } >> >> >>> >> >> >>> NuxeoApp app = new NuxeoApp(); >> >> >>> app.start(); >> >> >>> >> >> >>> if (files != null) { >> >> >>> app.deployBundles(files); >> >> >>> } >> >> >>> >> >> >>> NuxeoClient client = NuxeoClient.getInstance(); >> >> >>> >> >> >>> client.tryConnect("localhost", 62474); >> >> >>> >> >> >>> RepositoryInstance repo = client.openRepository() ; >> >> >>> CoreSession documentManager = repo.getSession() ; >> >> >>> >> >> >>> DocumentModel doc = documentManager.getDocument( new >> >> >>> PathRef( >> >> >>> "/default-domain" ) ) ; >> >> >>> doc.setPropertyValue( "dc:description" , "I could have >> >> >>> killed >> >> >>> your repo" ) ; >> >> >>> doc = documentManager.saveDocument( doc ) ; >> >> >>> documentManager.save() ; >> >> >>> >> >> >>> System.out.println( documentManager.getDocument( new >> >> >>> PathRef( >> >> >>> "/default-domain" ) ).getPropertyValue( "dc:description" ) ) ; >> >> >>> >> >> >>> repo.close() ; >> >> >>> >> >> >> >> >> > >> >> > >> >> > -- >> >> > Florent Guillaume, Director of R&D, Nuxeo >> >> > Open Source, Java EE based, Enterprise Content Management (ECM) >> >> > http://www.nuxeo.com http://www.nuxeo.org +33 1 40 33 79 87 >> >> > >> >> _______________________________________________ >> >> ECM mailing list >> >> [email protected] >> >> http://lists.nuxeo.com/mailman/listinfo/ecm >> >> To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm >> > >> > > > _______________________________________________ ECM mailing list [email protected] http://lists.nuxeo.com/mailman/listinfo/ecm To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
