Security considerations for Enterprise Server 10
Take note of the following areas in which security levels are implemented in Enterprise.
Enterprise uses its own user definitions and passwords which are used to authenticate the clients with Enterprise Server. The Server applies the business logic and authorization rules as to what a specific user is allowed to do. The Server itself always uses the configured database user that has “Full” access to the database.
Note: This is true for a standard installation only. In case the instructions are followed as outlined in Security checkpoints below, access for the database user is more restricted.
Enterprise user passwords are stored encrypted inside the database.
Tickets instead of passwords
For each client session, a ticket is created and returned to the client application. Instead of sending passwords, the ticket is sent along each SOAP call (between the client application and the Server).
If you raise the security level of your Web browser, cookie support might get disabled implicitly. However, cookies are used by the Enterprise system so make sure that they are enabled again after raising the security level.
Verify the following areas to see if you want to increase the security of the system.
MySQL user root password
The standard MySQL user root does not have a password. Set a password for root (or even better: disable the root user and create a new MySQL user account with a password) and enter this user and password into the config.php file for Enterprise Server as well.
Database user privileges
If you want to reduce the privileges for the newly created database user, the following is the minimal set of required privileges:
- Installation: ALL
- Everyday: SELECT, INSERT, UPDATE, DELETE on all tables in the Enterprise database, CREATE TEMPORARY TABLES system privilege
- Adding/removing custom properties: ALTER on smart_objects, smart_deleted-objects tables
- Installation: ALL
- Everyday: SELECT, INSERT, UPDATE, DELETE on all tables in the Enterprise database, CREATE TABLE, DROP TABLE on tempdb database
- Adding/removing custom properties: ALTER on smart_objects, smart_deletedobjects tables
- Not applicable: a minimal set of privileges was already defined during the Oracle installation steps of Enterprise Server.
If you use the file system for file storage, the default location is the File Store directory in the root of your disk. Change this into a better place and set the location in the config.php file of Enterprise Server. Next, make sure the access rights are set as narrow as possible.
Enterprise default user
Enterprise ships with a default user account with full admin rights (username woodwing, password ww) thereby giving full access to the system. Since this account is mentioned in various places in the online help, we strongly advise to change the password and/or to deactivate this account in order to prevent unauthorized access. Be sure to create a user with administrative rights first though.
SSL can be used as a means of securing the connection between the applications server and client applications.
Note: For more information about setting up clients and servers by enabling SSL, see Using SSL in Enterprise Server.
It is recommended to remove the wwtest/ folder from production installations since the scripts it contains provide a wealth of configuration and installation information which can be useful to potential attackers.