WebSpeed
Product Update Bulletin
Techniques To Minimize Unauthorized Access To WebSpeed Messengers
Consider replacing the default filenames and file extensions associated with key WebSpeed files with proprietary (that is, less easily recognizable) names and extensions that you define. This limits the ability of unauthorized personnel to recognize these files when they appear in the URL.
The following list identifies these key files and suggests some ways to shield the identity of each file:
- Rename the default WebSpeed Messenger filename associated with the messenger type that you are using: cgiip.exe, wsisa.dll, or wsnsa.dll.
- Use a file association technique to shield the identity of the default WebSpeed Messenger and Broker filenames when they are run. This activity is only supported if you are using a Microsoft Internet Information Web Server (IIS Web Server) on a Windows NT platform, and your WebSpeed Messenger type is cgiip.exe. This technique allows you to define a file extension that can run an executable. The file extension, which includes the default filenames of the WebSpeed Messenger and Broker, obscures the identity of these files as it passes the Broker name to an executable that runs them.
For detailed instructions on how to perform this file association technique, refer to the cgiip.wsc file that is shipped with the WebSpeed product.
- If you are using a UNIX platform, consider changing the default script name, wspd_cgi.sh, to a less immediately identifiable name to hide the WebSpeed messenger and WebSpeed Broker names that the wspd_cgi.sh file contains.
Restrict Your File Upload Directory
Do not allow execute permissions on your file upload directory.
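A UNIX audit for this section's two rules (no execute permissions in the file upload directory, and no PROPATH reference to it), added here as an example that is not part of the original bulletin or the WebSpeed product. It assumes that "execute permissions" means execute bits on files stored under the directory and that PROPATH entries are separated by ":" or ","; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit a WebSpeed file upload directory on UNIX.
# Assumptions: PROPATH entries are separated by ":" or ","; entries are
# compared as absolute path strings (no symlink or "." resolution).

# propath_has_dir UPLOAD_DIR PROPATH_VALUE
# Succeeds if UPLOAD_DIR, or a directory below it, is a PROPATH entry.
propath_has_dir() {
    upload=${1%/}
    old_ifs=$IFS
    IFS=':,'
    set -f                      # no globbing while splitting
    for entry in $2; do
        entry=${entry%/}
        case "$entry" in
            "$upload"|"$upload"/*)
                IFS=$old_ifs; set +f
                return 0 ;;
        esac
    done
    IFS=$old_ifs; set +f
    return 1
}

# executable_files UPLOAD_DIR
# Prints each regular file under UPLOAD_DIR that has any execute bit set.
executable_files() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print
}

# audit_upload_dir UPLOAD_DIR PROPATH_VALUE
# Prints one FAIL line per finding; returns 0 only if both checks pass.
# Usage: audit_upload_dir /path/to/upload "$PROPATH"
audit_upload_dir() {
    rc=0
    if propath_has_dir "$1" "$2"; then
        echo "FAIL: PROPATH references $1"
        rc=1
    fi
    found=$(executable_files "$1")
    if [ -n "$found" ]; then
        echo "FAIL: executable files under $1:"
        echo "$found"
        rc=1
    fi
    return "$rc"
}
```

Run it with the PROPATH value that the WebSpeed agents actually start with, not the value in your login shell.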
NOTE: As mentioned earlier in this section, do not include references to the file upload directory in your PROPATH.
WebSpeed Configuration Considerations
As a general guideline for protecting your WebSpeed configuration from attack, keep your WebSpeed Broker, Web server, and database components inside your firewall; your Web server and WebSpeed messenger must be on a machine outside this firewall.
NOTE: For more information about security issues as they pertain to WebSpeed configurations and their integration with firewalls, see the section "Maximizing WebSpeed Compatibility With Your Firewall".
Copyright © 2004 Progress Software Corporation www.progress.com Voice: (781) 280-4000 Fax: (781) 280-4095