Securing Your Cofax Installation




  • This sounds like common sense, but it needs to be said: never use the sa account or a blank password to access the database. Change the port the database listens on. Edit $TOMCAT_HOME/webapps/content/WEB-INF/web.xml to change the database connectivity parameters.
  • Never leave CDS Admin cache administration at its default URL. Edit $TOMCAT_HOME/webapps/content/WEB-INF/web.xml and change the servlet-mapping for cofaxAdmin and the removePageCache and removeTemplateCache init-params to appropriate values. Obfuscate these URLs.
  • While Editor's Tools do provide basic security, KRD does not run Editor's Tools on machines outside the firewall. You will need multiple machines to accomplish this. Edit $TOMCAT_HOME/webapps/content/WEB-INF/web.xml and remove the cofaxTools servlet config from the display machine. With the two roles separated, you can take advantage of SQL Server security: configure the Editor's Tools machine with a SQL Server user that has rights to run "s_" prefixed stored procedures, and the Display machine with a user that does not. This will effectively lock down your database server against malicious intent. Do not give the Display user direct rights to any database tables or views. Stored procedures are all that is required for database access in Cofax.
  • Move the serving of static resources (images, etc.) from Cofax in Tomcat to Apache. Doing so reduces the need for access to the CDS file system. Edit the configGlossary:staticPath init-param in $TOMCAT_HOME/webapps/content/WEB-INF/web.xml to point to the new relative URL; there is no need to change any templates.
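
The web.xml checks from the list above can be automated for a display machine. The script below is an added example, not part of Cofax or of the original page. The init-param names, the URL patterns in the sample, and the `/admin/*` default are assumptions; adjust them to match your own web.xml.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a display-machine web.xml. Param names and URL
# patterns are assumptions for illustration, not Cofax's shipped file.
SAMPLE_WEB_XML = """<web-app>
  <servlet>
    <servlet-name>cofaxCDS</servlet-name>
    <init-param><param-name>dataStoreUser</param-name><param-value>sa</param-value></init-param>
    <init-param><param-name>dataStorePassword</param-name><param-value></param-value></init-param>
  </servlet>
  <servlet><servlet-name>cofaxAdmin</servlet-name></servlet>
  <servlet><servlet-name>cofaxTools</servlet-name></servlet>
  <servlet-mapping><servlet-name>cofaxAdmin</servlet-name><url-pattern>/admin/*</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>cofaxTools</servlet-name><url-pattern>/tools/*</url-pattern></servlet-mapping>
</web-app>"""

ASSUMED_DEFAULT_ADMIN_PATTERNS = {"/admin/*"}  # assumption: set to your release's default


def audit_display_web_xml(xml_text, default_admin=ASSUMED_DEFAULT_ADMIN_PATTERNS):
    """Return a list of findings for a display (outside-firewall) machine."""
    root = ET.fromstring(xml_text)
    findings = []
    for servlet in root.iter("servlet"):
        name = (servlet.findtext("servlet-name") or "").strip()
        if name == "cofaxTools":
            findings.append("cofaxTools servlet is configured on the display machine")
        for param in servlet.iter("init-param"):
            key = (param.findtext("param-name") or "").strip()
            value = (param.findtext("param-value") or "").strip()
            if "user" in key.lower() and value.lower() == "sa":
                findings.append(f"{name}: {key} uses the sa account")
            if "password" in key.lower() and value == "":
                findings.append(f"{name}: {key} is blank")
    for mapping in root.iter("servlet-mapping"):
        name = (mapping.findtext("servlet-name") or "").strip()
        pattern = (mapping.findtext("url-pattern") or "").strip()
        if name == "cofaxTools":
            findings.append(f"cofaxTools is still mapped at {pattern}")
        if name == "cofaxAdmin" and pattern in default_admin:
            findings.append(f"cofaxAdmin is mapped at a default URL: {pattern}")
    return findings


if __name__ == "__main__":
    for finding in audit_display_web_xml(SAMPLE_WEB_XML):
        print("FINDING:", finding)
```

The script only reads web.xml. The SQL Server side (a Display user with no table or view rights and no rights to the "s_" procedures) has to be verified on the database server itself.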

    More notes to come
