Version 3.0
User's Guide

Security

Previous | Next
Contents

NetCloak provides several security options designed to make your server as secure as you need it to be, while giving you flexibility that your Web server alone cannot. Much of NetCloak's security benefit lies in the commands themselves, but there are also several options to choose from on the "Security" tab of the Configuration window.


Figure 10: The Security tab of the NetCloak Configuration window.


Figure 11: The Security page of the NetCloak Web admin interface.

General

Don't serve files with creator code 'WWWΩ' - This option lets you specify that Mac OS files created by a particular application are never served through NetCloak. The default is to refuse any file created by WebSTAR (creator code 'WWWΩ'), which protects the sensitive information in the WebSTAR Settings and WebSTAR.pass files that WebSTAR writes. If you use other Web server software, change this setting to the creator code of that application. Utilities such as ResEdit, or shareware such as Snitch or FileTyper, let you view and modify the creator code of a file. Note that the check keys only on the creator code: a copy of a sensitive file saved by some other application carries that application's creator code and is not blocked by this option.

Enable web administration - (CGI only) By default, the NetCloak CGI does not allow access to the Web browser administration pages. To edit the configuration settings of the NetCloak CGI from a Web browser, check this box. Web administration is always enabled in the NetCloak plug-in, since it is the only way to reach the plug-in's configuration settings.

Prohibit root-relative file paths in tags - This setting is most useful to Web server administrators who host pages for users who are allowed to modify their own pages. When this box is checked, file paths in all NetCloak commands are restricted to files in the same folder as the current page, or in folders below it, using "file-relative" paths. In other words, only paths that do not begin with a colon or a slash are allowed. This prevents a cloaked page from pulling in information from any file outside its own folder hierarchy. Few sites need this setting; the default is unchecked, and it should ordinarily be left unchecked unless people you do not fully trust can author pages on the server.

Cloaking Pages

Only serve files listed in "NetCloak.config" -- When this option is checked, NetCloak will not serve a requested file unless it is aliased by a line in the "NetCloak.config" file. This is the most restrictive mode NetCloak offers. In this mode, visitors to your web site can only see aliased files, and the aliases used in your URLs can give the illusion of an entire folder hierarchy that does not actually exist. By default, this option is not checked, and any file accessible to your web server software can be cloaked.

See the section "NetCloak Aliases and Caching" for information on NetCloak aliases.

Prohibit macro files -- Because MACRO commands may refer to files located anywhere in your web server root folder, malicious users may try to reach sensitive files on your server by uploading files, or submitting form data, that contain such MACRO commands. Checking this option eliminates that possibility. When it is checked, you have complete control over which macros may be executed on your server: only the macros entered in the "NetCloak.macros" file are allowed to run. By default, this option is checked. Users upgrading from NetCloak 2.0 or 2.1 who use MACRO commands to include pages within pages will need to un-check it.

If NetCloak is unable to insert a macro because this option is checked, it will insert an error message enclosed in an HTML comment in place of the MACRO command when the document is served.

Prohibit EXEC_CGI tags -- When this option is checked, NetCloak will not process EXEC_CGI commands. The EXEC_CGI command poses a security risk because malicious users may attempt to upload CGI files to your server and then invoke them by uploading HTML files containing EXEC_CGI commands, or may attempt to use your existing CGIs in a destructive manner. By default, this option is checked. To enable EXEC_CGI commands on your server, you must un-check it.

If this option is checked, NetCloak will insert an error message enclosed in an HTML comment in place of the EXEC_CGI command when the document is served.
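The following is an added example that models how the options above combine when a request is served: the creator-code refusal, the "NetCloak.config" alias allow-list, the file-relative path rule, the "NetCloak.macros" allow-list, and the EXEC_CGI prohibition, with refused commands replaced by an HTML comment. It is not Maxum's code. The tag syntax (<MACRO arg> and <EXEC_CGI path>), the contents of the NetCloak.config and NetCloak.macros files, and the Finder-info layout used for the creator code are assumptions made for illustration; the path check is also stricter than the page's leading-character rule, since it refuses parent-folder traversal as well.

```python
"""Toy model of NetCloak 3.0's security options (added example, not Maxum's code).

Assumptions: tags are written <MACRO arg> and <EXEC_CGI path>; NetCloak.config is
modelled as a dict of alias URL -> real file, NetCloak.macros as a dict of
macro name -> text. Both files' real formats are documented elsewhere.
"""
import re
from dataclasses import dataclass, field

# WebSTAR's creator code 'WWWΩ' as stored on disk: Mac Roman, where Ω is 0xBD.
WEBSTAR_CREATOR = "WWWΩ".encode("mac_roman")


@dataclass
class SecurityPolicy:
    blocked_creators: set = field(default_factory=lambda: {WEBSTAR_CREATOR})
    prohibit_root_relative_paths: bool = False   # default on the page: unchecked
    only_serve_aliased: bool = False             # default on the page: unchecked
    prohibit_macro_files: bool = True            # default on the page: checked
    prohibit_exec_cgi: bool = True               # default on the page: checked
    aliases: dict = field(default_factory=dict)  # NetCloak.config (assumed shape)
    macros: dict = field(default_factory=dict)   # NetCloak.macros (assumed shape)


def creator_code(finder_info: bytes) -> bytes:
    """Classic Finder info: 4-byte file type, then the 4-byte creator code."""
    return finder_info[4:8]


def may_serve(url_path: str, finder_info: bytes, policy: SecurityPolicy):
    """Decide whether a requested file is served at all.

    Returns (True, real_file) or (False, reason)."""
    if policy.only_serve_aliased and url_path not in policy.aliases:
        return False, "not aliased in NetCloak.config"
    if creator_code(finder_info) in policy.blocked_creators:
        return False, "blocked creator code"
    return True, policy.aliases.get(url_path, url_path)


def is_file_relative(path: str) -> bool:
    """True if the path stays at or below the current page's folder.

    The page's rule is "does not begin with a colon or slash"; this check also
    refuses parent-folder traversal ('::' in HFS notation, '..' in URL notation),
    which the leading character alone does not rule out (assumption)."""
    if not path or path.startswith((":", "/")):
        return False
    if "::" in path or ".." in path.split("/"):
        return False
    return True


TAG = re.compile(r"<(MACRO|EXEC_CGI)\s+([^>\s]+)\s*>")


def _refused(kind: str, reason: str) -> str:
    # NetCloak puts the error inside an HTML comment so nothing renders.
    return f"<!-- NetCloak: {kind} refused: {reason} -->"


def process_tags(html: str, policy: SecurityPolicy) -> str:
    """Expand or refuse every MACRO / EXEC_CGI command according to the policy."""
    def expand(m: re.Match) -> str:
        kind, arg = m.group(1), m.group(2)
        if kind == "EXEC_CGI":
            if policy.prohibit_exec_cgi:
                return _refused(kind, "EXEC_CGI tags are prohibited")
            return f"[output of CGI {arg}]"          # stand-in for running it
        # MACRO: with "Prohibit macro files" on, arg must name an entry in
        # NetCloak.macros; otherwise it is a file path subject to the path rule.
        if policy.prohibit_macro_files:
            if arg in policy.macros:
                return policy.macros[arg]
            return _refused(kind, f"'{arg}' is not in NetCloak.macros")
        if policy.prohibit_root_relative_paths and not is_file_relative(arg):
            return _refused(kind, f"root-relative path '{arg}'")
        return f"[contents of {arg}]"                # stand-in for reading the file
    return TAG.sub(expand, html)


if __name__ == "__main__":
    # Constructed sample page and policy (defaults, plus one approved macro).
    policy = SecurityPolicy(macros={"footer": "<p>Copyright Maxum</p>"})
    page = "<MACRO footer>\n<MACRO :WebSTAR.pass>\n<EXEC_CGI /cgi/admin.acgi>\n"
    print(process_tags(page, policy))
    finder_info = b"TEXT" + WEBSTAR_CREATOR + b"\0" * 24   # a WebSTAR-created file
    print(may_serve("/WebSTAR.pass", finder_info, policy))
```

With the default policy the sample page keeps only the approved "footer" macro; the MACRO that points at WebSTAR.pass and the EXEC_CGI command are each replaced by a comment, and the request for WebSTAR.pass itself is refused on its creator code before any tag is examined.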


Copyright © 1996-1999 Maxum Development Corporation

http://www.maxum.com/