Security Considerations
Securing applications that are accessible to the Internet is not a trivial task. This page outlines some of the issues, and offers tips to help you secure your application using the Embedthis GoAhead product.
Updates
Even the best application or HTTP server can experience some security vulnerabilities that are discovered after being deployed in the field. It is highly recommended that you stay up to date with the latest version of GoAhead.
Embedthis offers a Security Enhancement Service as part of a GoAhead commercial license that will proactively notify you of any security flaws and will expedite fixes or workarounds to minimize your exposure.
GoAhead User Account
It is important that you run GoAhead with the lowest system privilege that will get the job done. If any application is compromised, including GoAhead, then the system will be safest if the compromised application has as few privileges as possible.
Directory and File Permissions
This section describes the permissions policy to apply if you move or modify the files and directories that GoAhead uses.
To enhance security you need to consider the directory and file permissions for three classes of content:
- Pages served by the HTTP server
- Scripts run by the HTTP server
- Configuration and log files used by the HTTP server.
Pages served by the GoAhead server should be owned by root or administrator and should be readable, but not writable, by the GoAhead user account. Directories containing served pages should be readable and executable (searchable) only, never writable by the GoAhead user account.
Scripts run by the GoAhead server should always be outside all directories containing served pages. After all, you don't want prying eyes viewing your scripts! Scripts should be owned by root or administrator and should be readable and executable only by the GoAhead user account.
Configuration and log files used by the GoAhead server should always be outside all directories containing served pages or scripts. The directory containing the log files must be writable by the GoAhead user account; the configuration files should not be.
Home Permissions
The home directory in which GoAhead executes should be owned by root or administrator, and should be in the group root or administrators. It should be writable only by that user and group.
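The policy above is easy to state and easy to get wrong during deployment, so it pays to check it mechanically. The following is an added example, not code from GoAhead or Embedthis: a small audit that classifies each path as a page, script, configuration file, log directory or home directory and reports which rules it breaks. It assumes a POSIX system, that the GoAhead user account is the group owner of the content (so "readable by the GoAhead account" means the group read bit), and that "root or administrator" means uid 0. The class names, flag names and the `audit_path` helper are this example's own.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Content classes from the permissions policy above. */
enum content_class { CLASS_PAGE, CLASS_SCRIPT, CLASS_CONFIG, CLASS_LOGDIR, CLASS_HOME };

/* Violation flags returned by check_mode(); zero means the path conforms. */
enum {
    VIOL_NOT_ROOT_OWNED = 1,   /* pages, scripts and home must be owned by uid 0 */
    VIOL_GROUP_WRITABLE = 2,   /* only the log and home directories may be group-writable */
    VIOL_WORLD_WRITABLE = 4,   /* nothing GoAhead uses may be world-writable */
    VIOL_WORLD_READABLE = 8,   /* pages, scripts and config are for the GoAhead account only */
    VIOL_NOT_EXECUTABLE = 16   /* scripts must be executable by the GoAhead account (group) */
};

/* Pure policy check on a mode and owner, so it can be tested without touching disk. */
int check_mode(mode_t mode, uid_t uid, enum content_class cls)
{
    int v = 0;

    if (uid != 0 && (cls == CLASS_PAGE || cls == CLASS_SCRIPT || cls == CLASS_HOME))
        v |= VIOL_NOT_ROOT_OWNED;
    if (mode & S_IWOTH)
        v |= VIOL_WORLD_WRITABLE;
    /* The home directory is writable by its root group; the log directory must be
       writable by the GoAhead account. Everything else is read-only for the group. */
    if ((mode & S_IWGRP) && cls != CLASS_LOGDIR && cls != CLASS_HOME)
        v |= VIOL_GROUP_WRITABLE;
    if ((mode & S_IROTH) && (cls == CLASS_PAGE || cls == CLASS_SCRIPT || cls == CLASS_CONFIG))
        v |= VIOL_WORLD_READABLE;
    if (cls == CLASS_SCRIPT && !(mode & S_IXGRP))
        v |= VIOL_NOT_EXECUTABLE;
    return v;
}

/* stat() a real path and apply the policy; -1 if the path cannot be examined. */
int audit_path(const char *path, enum content_class cls)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return -1;
    return check_mode(st.st_mode & 07777, st.st_uid, cls);
}

/* Stand-alone use: audit <path> as a served page and list the violations. */
int main(int argc, char **argv)
{
    static const char *names[] = {
        "not owned by root", "group writable", "world writable",
        "world readable", "not executable by group"
    };
    int v, i;

    if (argc != 2) {
        fprintf(stderr, "usage: %s <path-to-served-page>\n", argv[0]);
        return 2;
    }
    v = audit_path(argv[1], CLASS_PAGE);
    if (v < 0) {
        perror(argv[1]);
        return 2;
    }
    for (i = 0; i < 5; i++)
        if (v & (1 << i))
            printf("%s: %s\n", argv[1], names[i]);
    return v ? 1 : 0;
}
```

Run it against the document root before going live; a typical slip it catches is a page tree unpacked with a 0664 or 0666 umask, which makes the served pages writable by anyone who reaches the GoAhead account or the group.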
Authentication
It is highly recommended that you use Form-based authentication and not Basic authentication. As implemented in GoAhead, Form authentication over SSL provides many safeguards against known exploits, including man-in-the-middle attacks, client spoofing, and replay attacks.
Sandboxing
Sandboxing is the term applied to running GoAhead in a confined environment. When embedding an HTTP server in an application, the profile of client access is often well known. This profile includes the rate of accesses, the length of URLs and the size of pages returned to the user.
GoAhead has a set of build-time configuration options that allow you to define a sandbox: the bounds a request must stay within for GoAhead to service it. By using well-defined sandbox directives, you can help ensure that your application will not be compromised by malicious or oversized requests.
Limit Directives
The limit directives are defined in main.me, which MakeMe reads when configuring GoAhead and generating the bit.h header that is included by the GoAhead source code.
| Directive | Purpose |
|---|---|
| limitBuffer | General I/O buffer size |
| limitFilename | Maximum filename size |
| limitHeader | Maximum size of the request header |
| limitNumHeaders | Maximum number of header lines in the request |
| limitParseTimeout | Maximum time to parse the request headers |
| limitPassword | Maximum size of a password |
| limitPost | Maximum size of the incoming POST request body |
| limitPut | Maximum size of the incoming PUT request body |
| limitSessionLife | Default session lifespan in seconds |
| limitSessionCount | Maximum number of sessions |
| limitString | Default string size |
| limitTimeout | Request inactivity timeout in seconds |
| limitUri | Maximum URI size |
| limitUpload | Maximum size of a file upload request |
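To see what a sandbox buys you, it helps to watch the limits act on a request. The following is an added example, not GoAhead's request parser: a minimal checker that applies four of the directives above (limitUri, limitHeader, limitNumHeaders and limitPost via Content-Length) to a raw HTTP request and rejects it before any further processing. The `LIMIT_*` constants stand in for the main.me settings and are deliberately small so the rejections trigger; the `probe` helper builds constructed requests of a chosen shape for testing. Everything in the block is this example's own naming.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative stand-ins for the limit directives; real deployments set these
   in main.me. Small values so the checks below fire on the constructed probes. */
#define LIMIT_URI         64
#define LIMIT_HEADER      512
#define LIMIT_NUM_HEADERS 8
#define LIMIT_POST        1024

enum verdict {
    REQ_OK = 0,
    REQ_INCOMPLETE,        /* header terminator not seen yet: keep reading */
    REQ_MALFORMED,
    REQ_URI_TOO_LONG,
    REQ_HEADER_TOO_LARGE,
    REQ_TOO_MANY_HEADERS,
    REQ_BODY_TOO_LARGE
};

/* Case-insensitive test that a header line starts with "name:". */
static int header_is(const char *line, const char *name)
{
    size_t i, n = strlen(name);

    for (i = 0; i < n; i++)
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i]))
            return 0;
    return line[n] == ':';
}

/* Apply the sandbox limits to a NUL-terminated request. Order matters: total
   header size is checked first so nothing below ever walks an oversized buffer. */
int check_request(const char *req)
{
    const char *end = strstr(req, "\r\n\r\n");
    const char *eol, *sp1, *sp2, *line;
    int nheaders = 0;

    if (end == NULL) {
        /* Still growing: refuse once the limit is passed instead of buffering forever. */
        return strlen(req) > LIMIT_HEADER ? REQ_HEADER_TOO_LARGE : REQ_INCOMPLETE;
    }
    if ((size_t)(end + 4 - req) > LIMIT_HEADER)
        return REQ_HEADER_TOO_LARGE;

    /* Request line: METHOD SP URI SP VERSION CRLF */
    eol = strstr(req, "\r\n");
    sp1 = strchr(req, ' ');
    if (sp1 == NULL || sp1 > eol)
        return REQ_MALFORMED;
    sp2 = strchr(sp1 + 1, ' ');
    if (sp2 == NULL || sp2 > eol)
        return REQ_MALFORMED;
    if ((size_t)(sp2 - (sp1 + 1)) > LIMIT_URI)
        return REQ_URI_TOO_LONG;

    /* Header lines occupy [eol + 2, end + 2); count them and read Content-Length. */
    for (line = eol + 2; line < end + 2; line = strstr(line, "\r\n") + 2) {
        if (++nheaders > LIMIT_NUM_HEADERS)
            return REQ_TOO_MANY_HEADERS;
        if (header_is(line, "Content-Length")) {
            const char *v = line + strlen("Content-Length") + 1;
            char *ep;
            long len;

            while (*v == ' ' || *v == '\t')
                v++;
            len = strtol(v, &ep, 10);
            if (ep == v || len < 0)
                return REQ_MALFORMED;
            if (len > LIMIT_POST)
                return REQ_BODY_TOO_LARGE;
        }
    }
    return REQ_OK;
}

/* Build a constructed GET with a URI of 1 + uri_len bytes, nfill filler headers
   and, if body_len > 0, a Content-Length header, then run it through the checker. */
int probe(size_t uri_len, int nfill, long body_len)
{
    char buf[4096];
    size_t pos = 0;
    int i;

    if (uri_len + 96 + (size_t)nfill * 24 > sizeof(buf))
        return REQ_MALFORMED;   /* probe itself would not fit; not a parser verdict */
    pos += (size_t)snprintf(buf + pos, sizeof(buf) - pos, "GET /");
    memset(buf + pos, 'a', uri_len);
    pos += uri_len;
    pos += (size_t)snprintf(buf + pos, sizeof(buf) - pos, " HTTP/1.0\r\n");
    for (i = 0; i < nfill; i++)
        pos += (size_t)snprintf(buf + pos, sizeof(buf) - pos, "X-Filler-%d: v\r\n", i);
    if (body_len > 0)
        pos += (size_t)snprintf(buf + pos, sizeof(buf) - pos, "Content-Length: %ld\r\n", body_len);
    snprintf(buf + pos, sizeof(buf) - pos, "\r\n");
    return check_request(buf);
}

int main(void)
{
    printf("normal request: %d\n", probe(10, 1, 0));
    printf("oversized URI:  %d\n", probe(100, 1, 0));
    printf("header flood:   %d\n", probe(10, 20, 0));
    printf("huge body:      %d\n", probe(10, 1, 5000));
    return 0;
}
```

The point of the ordering is the same one the directives encode: size limits are enforced on the raw bytes before any parsing that allocates or copies, so a client cannot force the server to do work proportional to input it should never have accepted.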