
Webware Security

This page is for notes and discussion on how to secure all aspects of your Webware application. If you have links to other pages related to web-server and OS security issues, please add them below.

Securing your server (the machine and OS)

Securing your installation of Webware

  • Open Webware/WebKit/Application.config with a text editor and change the 'AdminPassword' (or remove the Admin context completely).

Securing your Webware application

The two things I love most about this system are: 1) it's simple, and 2) it doesn't require sessions (server state). -- TerrelShumway - 10 July 2004

You might also consider:

  • periodically reseeding Python's random number generator from a strong source (such as /dev/random or EGD),

  • binding session IDs to client IP addresses (though this may annoy mobile DHCP sessions),

  • after successful name+password authentication in an SSL session, drop the old session and generate a new one. Set the "secure" flag in the associated _SID_ cookie sent to the client, to reduce the risk of eavesdropping. -- KenLalonde - 28 Nov 2001

  • URLSessionIDSecurity -- security concerns if you put the session ID in the URL (via GET variable or path)
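
The session-handling suggestions in the list above (strong randomness for IDs, IP binding, a new session after login, the "secure" flag on the _SID_ cookie), shown together as an added example that is not Webware code or part of the original page. `SessionStore` and `sid_cookie_header` are hypothetical names, only the Python standard library is used, and IDs come from the OS CSPRNG through `secrets` instead of a reseeded `random`.

```python
import secrets
from http.cookies import SimpleCookie


class SessionStore:
    """In-memory session table keyed by session ID (hypothetical helper)."""

    def __init__(self):
        self._sessions = {}

    def create(self, client_ip, user=None):
        # secrets reads the OS CSPRNG, so IDs do not depend on the state
        # of the `random` module's generator.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"ip": client_ip, "user": user}
        return sid

    def lookup(self, sid, client_ip):
        # Reject unknown IDs and IDs presented from a different address.
        # Clients whose address changes (mobile, DHCP) must log in again.
        session = self._sessions.get(sid)
        if session is None or session["ip"] != client_ip:
            return None
        return session

    def login(self, old_sid, client_ip, user):
        # Call only after name+password authentication has succeeded.
        # The pre-login session is dropped so an ID fixed or observed
        # before login is useless afterwards; a fresh ID is issued.
        self._sessions.pop(old_sid, None)
        return self.create(client_ip, user)


def sid_cookie_header(sid):
    # Build the Set-Cookie value for the _SID_ cookie with Secure set,
    # so the browser returns it only over SSL/TLS connections.
    cookie = SimpleCookie()
    cookie["_SID_"] = sid
    cookie["_SID_"]["secure"] = True
    cookie["_SID_"]["httponly"] = True  # extra hardening, not in the list above
    cookie["_SID_"]["path"] = "/"
    return cookie["_SID_"].OutputString()
```
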