Setting Path Permissions
For security reasons, Corda Server™ can
only read Image Template files, data files and Web documents from authorized
locations. Likewise, it can only write image and document files to authorized
locations. By default, Corda Server can only read from its document root
directory and subdirectories, and the localhost
(127.0.0.1) domain. It can only write to the \images folder of the document root directory.
You must authorize any other locations to which you want Corda Server
to have read or write access. For example, suppose that you wanted to
load a Web document from a Web application server located at http://webapp.mycompany.com.
Corda Server needs permission to retrieve data from this location. Likewise,
you must authorize Corda Server to load an Image Template file from C:\InetPub on the system on which Corda Server is
loaded.
Control which locations Corda Server can read or write from by editing
the path.xml file. This file is located in
the config directory. Edit it in a text editor
(such as Microsoft* Notepad) or in Corda Server Administrator.
The Need for Security
To convince you of the need for a path.xml
file and to keep you from defeating the purpose of this file, we should
point out two ways by which an insecure server can be abused.
First of all, without Corda Server built-in security settings, Corda
Server's save capabilities can be used to overwrite crucial system files.
For example, Corda® Embedder's saveToCordaServer
method allows a programmer to save images for future use to the machine
running the Corda Server. A hacker can easily use this method to save
an image over a system file, thus crashing the server, or to save an unrestricted
number of files to disk, making you run short on critical disk space.
Note: You also need to specify
a password to save images to Corda Server, so this could only happen if
the password were insecure.
To prevent this from occurring, the path.xml
file controls the directories to which Corda Server can write files. By
default, the only directory to which images and documents can be saved
is the images folder inside of the document
root directory. Unless you have a really good reason to add another location,
leave it this way.
The second security issue is that Corda Server can read files from URLs.
Although this flexibility is one of Corda Server's most attractive features,
it also presents several security risks. First of all, it makes it possible
that the server can be used for denial of service attacks, by repeatedly
requesting large documents from other Web servers.
It also creates the possibility of parasites—outside users that "hi-jack"
another organization's Corda Server to generate their Corda images.
To prevent such abuse, the path.xml file
allows you to specify a list of valid callback domains. The term callback describes any request that Corda Server
makes to an outside resource for information (Image Template files, data,
etc.)
Modifying path.xml
To add or remove path and URL permissions for Corda Server, modify the
path.xml file.
To add permission to read from a specified URL
-
Log in to Corda Server Administrator and go to the Security
> Path / URL Permissions screen.
The textbox on this screen contains the contents of the path.xml
file. Edit the file directly in this textbox.
-
Copy the following text (which also appears at the top of the page
in Corda Server Administrator and paste it immediately above the last
line:
<Map Name=" MyAppServer
" Path=" appservername.mycompany.com
" Action=" allowDomain
"/>
-
Replace MyAppServer (the value
of the Name attribute) with the name you want
to give to this mapping.
This name is for descriptive purposes only and is entirely up to
you. In fact, this step is entirely optional.
-
Replace appservername.mycompany.com
(the value of the Path attribute) with the DNS
name or IP address of the host from which Corda Server can read files.
This allows Corda Server to read any file that comes from the specified
host. For example, specifying www.mycoolstats.com
lets Corda Server read from sources such as http://www.mycoolstats.com/data/110899.html,
http://www.mycoolstats.com/renderer?name=bar&image_template=26,
etc.
Corda Server also supports wildcards. For instance, *.corda.com
would allow any host in the corda.com domain (www.corda.com, popchart.corda.com,
etc.). Similarly, 10.0.*.* allows Corda Server
to read from any IP address that begins with 10.0.
Click the Submit
Changes button. You do not need to restart Corda Server.
To add permission to read from a specified local path
-
Log in to Corda Server Administrator and go to the Security
> Path / URL Permissions screen.
The textbox on this screen contains the contents of the path.xml
file. Edit the file directly in this textbox.
-
Copy the following text and paste it immediately above the last
line:
<Map Name=" Read
" Path=" ./path
" Action=" Load
"/>
Note: This text is different
from the text that appears in Corda Server Administrator.
-
Replace Read (the value of the
Name attribute) with the name you want to give
to this mapping.
This name is for descriptive purposes only, and is entirely up to
you. In fact, this step is entirely optional.
-
Replace ./path (the value of the
Path attribute) with the local path from which
you want to allow Corda Server to read files.
If you precede the path with ./, Corda
Server assumes it to be relative to the document root. Otherwise, it assumes
the path to be an absolute path, accessible to the machine on which Corda
Server is running. Put a wildcard at the end of a path to indicate that
Corda Server has permission to read from any of the path's subdirectories.
For example, setting this value to F:\InetPub\mydata\*
lets Corda Server read anything from the F:\InetPub\mydata
directory, as well as any of its subdirectories. Similarly, setting this
value to ./data lets Corda Server read from
the \data directory in the document root,
but none of its subdirectories.
Click the Submit
Changes button. You do not need to restart Corda Server.