Greenstone CDROM - security risk?
|Reported by:||kjdon||Owned by:||nobody|
|Priority:||moderate||Milestone:||CD-ROM Release for UNESCO|
Is this just a CD problem, or local library problem in general??
From an email sent by Ed Robinson (10 Mar 2008)
I am about to issue a CD containing a Greenstone collection, and I had a friend have a look at it to check that he could install it easily on his machine. One of his comments back to me was:
"The program itself is dangerous – it hosts a local HTTP server on the machine that is then accessible by anyone, not just the user/owner of the program.”
So I would recommend that people disconnect from the internet after launching the program."
This is an excellent point, Ed. The Greenstone Local Library does not use an industrial-strength web server, just a mini one. In fact, even industrial-strength servers have security problems: our technical support people ask us to disconnect from the Internet if we test Greenstone using the IIS web server because of security problems, so even Microsoft can't seem to get it right.
Greenstone CD-ROM collections were originally, of course, envisaged for machines without any Internet connectivity. With the widespread uptake of broadband (and consequent growth in the types of attacks that can be perpetrated) personal computers that are connected to the Internet tend to be better setup "out of the box" to warn and/or guard against the risks: ISPs often hook you up with anti-virus schemes, and Windows Defender (an optional free download for Windows XP) is now rebranded and in Windows Vista as standard. Another common configuration at home is to have a local area network set up through a ADSL router or similar, which has firewall functionality built in -- nothing on the LAN is visible to the outside world unless you intentionally change the settings to the firewall. Under these conditions it is safe to use Greenstone CD-ROM collections.
We could -- and now you have pointed this out, probably will -- alter the Local Library server so that by default it only responds to requests from 127.0.0.1/localhost by default, with an option to make it more widely available if you want to take the risk.