3 Replies Latest reply on Aug 3, 2012 8:36 AM by vanontherun

    Where can I find Security best practices for ClearspaceX deployment?

      I am trying to launch a deployment and would like to know if I can learn from past experiences such as Intel Open Port Community or any other large public deployments of Clearspace X.

      I am running 1.8 with custom code.

      Thanks in advance,

      Andre

        • Re: Where can I find Security best practices for ClearspaceX deployment?

          Andre,

          I will look at getting you a best practices document, but in the meantime some things to remember:

          Anywhere a user can input data into the system there is a possibility for exploits to occur. This means that when rendering URLs in Freemarker you need to be careful; putting parameters input by the user directly back into the page is dangerous, for instance, if part of the URL contains malicious code. Any user form input should be validated on input; to be safe, any HTML markup should be removed, not permitted or escaped. Anywhere you pull in content from other systems and display it in your page, you run the risk of exposing your users to malicious code.

          We have done a ton of work on Clearspace to fix the issues which were available in early versions of Clearspace and we continue to make these improvements. That's why we recommend keeping your custom code base up-to-date with the latest bug fix releases in order to take advantage of these improvements.

          I will circle up with the security team to see what sort of documentation we can get there; in the meantime, please feel free to post more specific questions about it here.

          Hope that helps,

          Alex
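
The point in the reply above about echoing user-supplied parameters into a Freemarker page, shown as an added example that is not part of the thread and not Clearspace's own code. The variable names `query` and `returnUrl`, the `/search` path and the sample values are hypothetical and constructed for illustration.

```ftl
<#-- Constructed sample input; in a real template these come from the request. -->
<#assign query = "\"><b>injected</b> & more">
<#assign returnUrl = "javascript:void(0)">

<#-- Risky: the raw value is written into both the href and the link text,
     so the quote and angle brackets become part of the page markup. -->
<a href="/search?q=${query}">Results for ${query}</a>

<#-- Safer: escape for the context the value is written into.
     ?url percent-encodes a value placed in a query string,
     ?html escapes markup characters in element text and attributes. -->
<a href="/search?q=${query?url('UTF-8')}">Results for ${query?html}</a>

<#-- Block-wide default: every interpolation inside is HTML-escaped,
     so a forgotten ?html does not reopen the hole. -->
<#escape x as x?html>
  <p>You searched for: ${query}</p>
</#escape>

<#-- A user-supplied link target: escaping alone does not stop a
     javascript: scheme, so accept only site-relative paths and
     fall back to a fixed link otherwise. -->
<#if returnUrl?starts_with("/") && !returnUrl?starts_with("//")>
  <a href="${returnUrl?html}">Back</a>
<#else>
  <a href="/">Back</a>
</#if>
```

With the sample values, the escaped link renders the query as inert text and the "Back" link falls through to the fixed `/` target.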