NetCloak 3.0 Pro User's Guide: Configuring NetCloak Pro

	Version 3.0 Pro User's Guide

Configuring NetCloak Pro	Previous \| Next Contents

NetCloak Pro provides additional configuration options beyond those provided by NetCloak Standard Edition. This section describes those additional configuration options. For a description of the configuration settings provided by NetCloak Standard Edition, refer to the NetCloak Standard User's Guide.

Files

The first tab of the Configuration window allows you to set the root folder and special file names needed by NetCloak.

Recent List Page -- NetCloak Pro adds one extra field to the "Files" tab and Web admin page. This setting defines the name of the file used as a template for "Recent Lists"; the pages that are displayed in response to "/RECENT_*.fdml" URLs (see the section "Creating & Accessing Recent Articles Lists"). The file named in this field should be located in the same folder as the NetCloak.acgi application (when using the CGI) or the Web server application (when using the plug-in). The file is loaded into RAM at startup. This is a simple HTML file that includes the special command tag:

    <INSERT_RECENT_LIST>

The returned page will be displayed with the recent links included (as <LI> items) at the point of the <INSERT_RECENT_LIST> tag. If necessary, you can change the name of this page to suit your needs.

Options

Figure 5: The Options tab of the NetCloak Pro Configuration window

Figure 6: The Options page of the NetCloak Pro Web admin interface

NetCloak Pro provides additional options beyond those provided in NetCloak Standard, that let you specify how to handle creation of new files. To select these preferences, use the "Options" tab of the configuration window.

Character Translation

When Saving -- NetCloak will convert ISO-Latin-1 character encodings or HTML entities in submitted form data to Mac Roman extended characters in created or updated files according to the selected option:

None -- Performs no character conversion.

ISO-Latin-1 to MacRoman -- Convert "extended" ASCII characters (with ASCII values greater than 128) from the ISO-8859-1 (ISO-Latin-1) character set to the standard MacRoman character set, so that the file is in a standard Macintosh text format. When such characters are viewed in a Macintosh text application, they will appear as the expected Mac extended characters (the apple symbol, the bullet symbol, etc.). When viewed in a web browser, however, unexpected "garbage characters" may appear-particularly if the browser is running on something other than the Mac OS.

Convert from HTML Entities -- When this option is selected, extended characters in the form data are converted into the HTML-defined "entity" codes (such as " "), so that they appear correctly in HTML documents viewed in any Web browser.

When Saving Duplicate Files

This setting tells NetCloak Pro what to do when creating files via a CREATEDOC directive, and an existing file with the same name in the same folder already exists. Valid options for this setting are:

Overwrite -- Always overwrite the existing file with the newly-created file.

Unique -- Never overwrite the existing file; instead, a new file with a unique filename is created. The new filename consists of the original filename with up to two alphanumeric characters appended to it.

Smart -- Use "smart resubmit"; this means that the existing file will only be overwritten if it is less than 15 minutes old, and was submitted by the same user (IP address).

HTML

The NetCloak Pro version of the HTML configuration tab and Web admin page are shown below.

Figure 7: The HTML tab of the NetCloak Configuration window.

Figure 8: The HTML page of the NetCloak Web admin interface.

NetCloak Pro adds two additional fields to the HTML configuration settings.

Article Link Text

Next - Defines the default text displayed in the hypertext link created by the <LINKNEXT> tag in created documents. The value of this configuration setting can by any string of text not including double-quote characters. The default value supplied by NetCloak Pro is "Next Article".

Previous - Defines the default text displayed in the hypertext link created by the <LINKPREVIOUS> tag in created documents. The value of this configuration setting can by any string of text not including double-quote characters. This value defaults to "Previous Article".

Logs

NetCloak Pro adds no additional configuration options to the Logs tab/Web admin page.

Security

NetCloak Pro adds several options that are necessary to ensure the safety and security of your Web server while processing forms with FDML files. The additional controls in the "Processing Forms" section of the Security tab and Web admin page are shown and described below.

Figure 9: The Security tab of the NetCloak Pro Configuration window.

Figure 10: The Security page of the NetCloak Pro Web admin interface.

Processing Forms

Convert angle brackets to HTML entities - This checkbox determines whether or not articles containing the less-than (<) and greater-than (>) brackets should be converted into their HTML encoded equivalents for use on the Web. HTML reserves a small number of ASCII characters for use as formatting instructions, including the (<) and (>) brackets, and if these characters are to be used in the body of an HTML document they must be first converted. Checking the "Convert angle brackets..." option will convert these brackets into their HTML character tag equivalents, "<" (for less-than, '<') and ">" (for greater-than, '>'). When checked, articles containing greater than and less than symbols will not produce unexpected formatting when they are submitted and converted to HTML documents on your server.

When not checked, NetCloak Pro will simply leave the brackets in the user-entered text when it is inserted. This allows users to enter HTML tags and markup their articles.

The security advantage of selecting this option is that you will be able to prevent authors from embedding HTML tags in their articles, including formatting commands, images, and links to other pages. The downside, of course, is that if this option is selected, users won't have the option of entering HTML tags on their own to enhance the formatting of their pages.

Restrict access to Root Folder - When this checkbox is checked, all FDML activity is restricted to the configured Root Folder. No file outside this folder can be opened, read from, written to, or created in any way whatsoever. This rule is applied to all FDML primary and supplemental directives, so that, for instance, the COPY command cannot be used to save files to other mounted volumes.

This option is enabled by default, and there is rarely a reason to turn it off. Older versions of NetForms did not support Mac OS alias resolution, so allowing access outside the Root Folder provided a means of accessing other volumes. Now, however, you can access any folder on any mounted volume simply by placing an alias of the folder inside the Root Folder.

On the other hand, there are very good reasons for leaving it on. When you permit NetCloak Pro to access files outside the Root Folder, any file, even those within the System Folder, can be opened, read, or overwritten using the appropriate FDML commands. This is particularly dangerous if you provide FTP upload abilities to your users, or if you disable some of the other security settings described below. In such a situation, a malicious user with knowledge of FDML syntax could upload or submit an FDML file which contained directives instructing NetCloak Pro to overwrite your System or Finder files with meaningless garbage- thus quickly turning your server into an expensive paperweight.

Prohibit FDML tags in form fields - When this option is checked, then NetCloak Pro pre-screens all input form data and rejects any post that contains any FDML tags.

Again, this setting exists to prevent malicious users with knowledge of FDML syntax from submitting data that creates a new FDML file on your server, which could be written to return the contents of sensitive files via the user's Web browser.

FDML files must have suffix '.fdml' - This security setting causes NetCloak Pro to double-check the file suffix of FDML files before processing their contents. If the suffix of the file does not match the configured value (which defaults to ".fdml" and rarely need to be changed), then NetCloak Pro merely returns an error message to the user who submitted the form.

Early version of NetForms would process any file containing FDML commands which was specified in a form's ACTION attribute. This posed a potential security risk because a hacker could enter FDML commands into documents saved with an ".html" or ".txt" extension, and NetForms could then be used to retrieve files from the web server using that new, bogus, FDML file. Enabling this option causes NetCloak Pro to reject any FDML file not ending with the configured suffix. By default, the suffix is set to ".fdml". Obviously, the configured suffix should not be used as the suffix of any files created via CREATEDOC or TEXTSTORE directives.

Form and FDML must be on the same server - When you enable this security setting, you are preventing other web sites from "hijacking" your form.

Because the URL that defines the location of your FDML file, such as "http://your.server.com/Recipes/Recipe.FDML", can be accessed from anywhere on the Internet, any web site could duplicate or copy the HTML form which provides user input to your FDML. Then, anyone using that form on the other web site would submit data to your server to be processed by NetCloak Pro. This is known as "hijacking" your form.

This can cause many undesirable effects, such as skewing survey data collected via the form, or overloading your web server with more traffic than it was designed to withstand.

When this option is enabled, NetCloak Pro verifies that the HTML form used to submit data and the FDML file which will process the data reside on the same machine. If they do not, an error message is returned to the web browser and the form data is not processed.

Update Recent Database

The "Update Recent Database" menu command in the "Configuration" menu will scan all recent lists currently in memory, removing entries for files that no longer exist on the server. In other words, when you delete articles from your server, you can have them removed from the recent lists simply by selecting this menu item.

Auto-Map Menu

.FDML Files to CGI

Choosing this command causes NetCloak Pro to create a new "Action" and "Suffix Mapping" in WebSTAR. This will update your server's configuration so that all URLs ending in ".FDML" will automatically be handled by NetCloak Pro. This allows you to simplify your HTML <FORM> tags, because the ACTION attribute specified in the FORM tag becomes simply the URL of the FDML file.

Note that this command only works with WebSTAR, and it assumes that the file "NetCloak.acgi" is located in the web server root folder. Other web servers cannot be automatically set up by NetCloak Pro, even though they may support "actions" and "suffix mappings". Consult your web server's documentation for information on setting up a NetCloak Pro action and suffix mapping manually.


Copyright © 1996-1999 Maxum Development Corporation http://www.maxum.com/	Previous \| Next Contents