Thanks a lot, I'll give it a try this week. I'll let you know if its ok for me.
Nel 2010/4/15 Thierry Delprat <[email protected]>: > Hi, > I created a Jira issue for that : https://jira.nuxeo.org/browse/NXP-5019 > I will commit this morning, let me know if this solves the issue for you. > Tiry > > On 14 April 2010 15:27, Nel Taurisson <[email protected]> wrote: >> >> Hi again, >> >> Thanks for your answer. >> >> > Furthermore, the default Nuxeo/JBoss config is to bind listening port on >> > local IPs only. >> > => This is a explicit configuration choice to make the listening ports >> > open >> > to all IPs >> >> Listening only on local port is ok when accessing only to the webapp >> as apache (or another) handles it. But our problem is to give access >> to the repo from another class of client, not a webapp client but >> somethong else (specifically where working on ftp access to the repo). >> Whats the "clean way" to do it for you if you cannot require a login ? >> >> > You can configure that at Jboss level as Alex suggested. >> >> I think I've missed Alex suggestion, what was it ? >> >> > What we could do in Nuxeo, is add a config parameter to disable system >> > login >> > from a remote host. >> > => would that be ok for you ? >> >> That would be nice yes. >> >> Thanks again. >> >> Nel >> >> >> >> >> >> >> >> >> >> >> >> 2010/4/14 Thierry Delprat <[email protected]>: >> > Hi Nel, >> > I answered inline ... >> > On 14 April 2010 11:12, Nel Taurisson <[email protected]> wrote: >> >> >> >> Hi, >> >> >> >> I'm very surprised that its not an issue for you. I'm very frightened >> >> because, anyway I look to the problem, all I can see is a grave >> >> security risk. >> >> >> >> 1) "In most of the cases, the Nuxeo Server is behind a firewall and a >> >> reverse proxy" : so this is not a choice, this is mandatory. If it is >> >> not installed this way, we have a huge security hole. >> > >> > I am not aware of anyone setting up a production serveur not configuring >> > reverse proxy and firewall. >> > This is not specific to Nuxeo, this is part of the standard security >> > rules >> > for all web applications. >> > Furthermore, the default Nuxeo/JBoss config is to bind listening port on >> > local IPs only. >> > => This is a explicit configuration choice to make the listening ports >> > open >> > to all IPs >> >> >> >> But still, if someone gets access to the server, he can still execute >> >> malicious code and can breaks the repo. >> > >> > True. >> > I usually consider that if someone "bad" can log on the server at OS >> > level >> > : then you are lost. >> > You can slow it down, but you can not prevent him from breaking the >> > server. >> > >> >> >> >> 2) "either RMI access are limited to a sub LAN or RMI access go >> >> through a VPN" : the security hole remains, everybody on your lan can >> >> execute system code on your repository. If you open the RMI acces, >> >> your security policy is uniquely based on the trust you have on your >> >> users >> >> >> >> So, in my opinion, as is : >> >> - there is no way to secure a nuxeo installation, >> >> - the RMI access is useless as potentially dangerous >> >> >> >> Can you give an hint on how to get the rmi connection require a >> >> user/password auth. It must not be very complicated as a >> >> login/password can be used. So the point is just to implement a way of >> >> making it mandatory. >> > >> > >> > You can configure that at Jboss level as Alex suggested. >> > What we could do in Nuxeo, is add a config parameter to disable system >> > login >> > from a remote host. >> > => would that be ok for you ? >> > >> >> >> >> Thanks a lot. >> >> >> >> Nel >> >> >> >> >> >> >> >> >> >> >> >> >> >> 2010/3/26 Thierry Delprat <[email protected]>: >> >> > Hi Nel, >> >> > In most of the cases, the Nuxeo Server is behind a firewall and a >> >> > reverse >> >> > proxy, so this is not an issue. >> >> > For projets using RMI access : >> >> > - either RMI access are limited to a sub LAN (typically Server to >> >> > Server >> >> > communication) >> >> > - or RMI access go through a VPN (Client to Server communication, >> >> > because >> >> > RMI is not NATable) >> >> > So if neither of the solution is applicable for you, you will have to >> >> > tweak >> >> > the LoginModule to add a Shared secret check. >> >> > We'll be glad to help you on that, but until then never had the >> >> > requirement. >> >> > Tiry >> >> > On 26 March 2010 17:54, Nel Taurisson <[email protected]> >> >> > wrote: >> >> >> >> >> >> Ok, thanks. >> >> >> >> >> >> But then how can we secure the repository from malicious code but >> >> >> still giving a remote access to a nuxeo client app we wrote ? >> >> >> >> >> >> Thanks a lot. >> >> >> >> >> >> Nel >> >> >> >> >> >> 2010/3/25 Florent Guillaume <[email protected]>: >> >> >> > Did you actually get an answer? >> >> >> > The short one is that no, it's not possible: Nuxeo Shell uses >> >> >> > JBoss >> >> >> > Remoting, which is designed as an equivalent to RMI and provides >> >> >> > roughly full JVM access. So even if the shell superficially >> >> >> > required >> >> >> > credentials, underlying this the protocol would still be open to >> >> >> > someone that compiled his own shell. >> >> >> > >> >> >> > Florent >> >> >> > >> >> >> > On Mon, Mar 22, 2010 at 5:35 PM, Nel Taurisson >> >> >> > <[email protected]> >> >> >> > wrote: >> >> >> >> Sorry, hit the button to fast. >> >> >> >> >> >> >> >> Thanks a lot for your answers. >> >> >> >> Regards >> >> >> >> >> >> >> >> Nel >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> 2010/3/22 Nel Taurisson <[email protected]>: >> >> >> >>> Hi, >> >> >> >>> >> >> >> >>> It seems to me that it is possible to connect to a remote nuxeo >> >> >> >>> repo >> >> >> >>> without any credential and have full read / write access to the >> >> >> >>> repo. >> >> >> >>> >> >> >> >>> Maybe I'm missing a configuration property or something, but I'm >> >> >> >>> affraid I can execute the following code either on nuxeo 5.2 or >> >> >> >>> 5.3 >> >> >> >>> : >> >> >> >>> >> >> >> >>> Collection<File> files = null; >> >> >> >>> String bundles = System.getProperty("nuxeo.bundles"); >> >> >> >>> if (bundles != null) { >> >> >> >>> files = NuxeoApp.getBundleFiles(new File("."), >> >> >> >>> bundles, >> >> >> >>> ":"); >> >> >> >>> } >> >> >> >>> >> >> >> >>> NuxeoApp app = new NuxeoApp(); >> >> >> >>> app.start(); >> >> >> >>> >> >> >> >>> if (files != null) { >> >> >> >>> app.deployBundles(files); >> >> >> >>> } >> >> >> >>> >> >> >> >>> NuxeoClient client = NuxeoClient.getInstance(); >> >> >> >>> >> >> >> >>> client.tryConnect("localhost", 62474); >> >> >> >>> >> >> >> >>> RepositoryInstance repo = client.openRepository() ; >> >> >> >>> CoreSession documentManager = repo.getSession() ; >> >> >> >>> >> >> >> >>> DocumentModel doc = documentManager.getDocument( new >> >> >> >>> PathRef( >> >> >> >>> "/default-domain" ) ) ; >> >> >> >>> doc.setPropertyValue( "dc:description" , "I could have >> >> >> >>> killed >> >> >> >>> your repo" ) ; >> >> >> >>> doc = documentManager.saveDocument( doc ) ; >> >> >> >>> documentManager.save() ; >> >> >> >>> >> >> >> >>> System.out.println( documentManager.getDocument( new >> >> >> >>> PathRef( >> >> >> >>> "/default-domain" ) ).getPropertyValue( "dc:description" ) ) ; >> >> >> >>> >> >> >> >>> repo.close() ; >> >> >> >>> >> >> >> >> >> >> >> > >> >> >> > >> >> >> > -- >> >> >> > Florent Guillaume, Director of R&D, Nuxeo >> >> >> > Open Source, Java EE based, Enterprise Content Management (ECM) >> >> >> > http://www.nuxeo.com http://www.nuxeo.org +33 1 40 33 79 87 >> >> >> > >> >> >> _______________________________________________ >> >> >> ECM mailing list >> >> >> [email protected] >> >> >> http://lists.nuxeo.com/mailman/listinfo/ecm >> >> >> To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm >> >> > >> >> > >> > >> > > > _______________________________________________ ECM mailing list [email protected] http://lists.nuxeo.com/mailman/listinfo/ecm To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
