Setting Path Permissions

For security reasons, PopChart Server can only read and write appearance, data, and PopChart XML files from authorized locations. By default, PopChart Server can only read from its document root directory and subdirectories, and the localhost (127.0.0.1) domain. It can only write to the images folder of the document root directory.

This means that you will need to authorize any other locations that you want PopChart Server to read from or write to. For example, suppose that you wanted to load data from a web application server located at http://webapp.mycompany.com. PopChart Server would need to be given permission to retrieve data from this location. Likewise, you would need to give PopChart Server permission to load an appearance file from the C:\InetPub folder on the computer running PopChart Server.

You can control which locations PopChart Server can read from or write to by editing the path.xml file. This file is located in the config directory. You can edit it in a text editor such as Microsoft Notepad, or you can edit it in the Administration Console.

The Need for Security

To convince you of the need for a path.xml file, and also to keep you from defeating the purpose of this file, we should point out two ways by which an insecure server can be abused.

First of all, PopChart Server's save capabilities can be used to overwrite crucial system files. For example, PopChart Embedder's saveImageToPopChartServer(String) method allows a programmer to save images for future use to the machine running PopChart Server. A hacker could easily use this method to save an image over a system file, thus crashing your server.

To prevent this from occurring, the path.xml file controls which directories PopChart Server can write to. By default, the only directory to which images can be saved is the images folder inside of the document root directory. Unless you have a really good reason to add another location, you should probably leave it this way.

Note: You also need to specify a password to save images to PopChart Server.

The second security issue is that PopChart Server can now read appearance and data files from URLs. Although this flexibility is one of PopChart Server 4.0.5's most attractive features, it also opens up the possibility for parasites—outside users that use your PopChart Server to serve their own PopChart images.

For example, suppose the webmaster for a small website decides she wants the benefits of PopChart Server, but doesn't want to buy it. All this webmaster has to do is figure out the address and port that your PopChart Server runs on (which is easy to discover by viewing your web page's HTML), and she would instantly be able to use it to request and generate images for her own website. Of course, our more philanthropic customers might not mind lending a few graphs to the less fortunate, but what if this small website suddenly becomes popular, thus dramatically increasing your server load? Or what if this small website belongs to a competitor?

To prevent such abuse, the path.xml file allows you to specify a list of valid callback domains. The term callback describes any requests PopChart Server makes to an outside resource for information (appearance files, data, etc.).

Modifying path.xml

To add or remove path and URL permissions for PopChart Server, you should modify the path.xml file.

To add permission to read from a specified URL

1. Log in to the Administration Console and go to the Security > Path / URL Permissions screen.

The text box on this screen contains the contents of the path.xml file. You can edit the file directly in this text box.

2. Copy the following text (which also appears at the top of the page in the Administration console) and paste it immediately above the last line:

<Map Name="MyAppServer" Path="appservername.mycompany.com" Action="allowDomain"/>

3. Replace MyAppServer (the value of the Name attribute) with the name you wish to give to this mapping.

This name is for descriptive purposes only, and is entirely up to you. In fact, this step is entirely optional.

4. Replace appservername.mycompany.com (the value of the Path attribute) with the name or IP address of the host that you want to allow PopChart Server to read from.

This will allow PopChart Server to read any file that comes from the specified host. For example, if we specify www.mycoolstats.com, we could read from sources such as http://www.mycoolstats.com/data/110899.html, http://www.mycoolstats.com/renderer?name=bar&apfile=26, etc.

You can also use wildcards. For instance, *.corda.com would allow any host in the corda.com domain (www.corda.com, popchart.corda.com, etc.). Similarly, 10.0.*.* would allow PopChart Server to read from any IP address that begins with 10.0.

5. Click Apply to apply your changes. You do not need to restart PopChart Server.
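To see what a set of allowDomain entries would permit before you apply it, the following added example (not code from PopChart Server or Corda) checks hosts against the Map entries and flags wildcards that cover too much. The <Paths> root element, the sample entries other than the first, and the reading of * as "any run of characters" are assumptions; the page shows only the Map lines.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample. <Paths> is a placeholder root element: the page
# shows only the <Map .../> lines, not the rest of path.xml.
SAMPLE = """<Paths>
  <Map Name="MyAppServer" Path="appservername.mycompany.com" Action="allowDomain"/>
  <Map Name="Corda" Path="*.corda.com" Action="allowDomain"/>
  <Map Name="Internal" Path="10.0.*.*" Action="allowDomain"/>
  <Map Name="TooWide" Path="*.com" Action="allowDomain"/>
  <Map Name="Read" Path="./data" Action="Load"/>
</Paths>"""

def domain_entries(xml_text):
    """Return (Name, Path) for each Map whose Action is allowDomain."""
    root = ET.fromstring(xml_text)
    return [(m.get("Name", ""), m.get("Path", ""))
            for m in root.iter("Map") if m.get("Action") == "allowDomain"]

def matches(pattern, host):
    """Assumed semantics: '*' is any run of characters, case-insensitive."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, host, re.IGNORECASE) is not None

def matching_entries(host, entries):
    """Names of every entry that would let the server call back to host."""
    return [name for name, pattern in entries if matches(pattern, host)]

def too_broad(entries, min_fixed_labels=2):
    """Flag patterns with fewer than two wildcard-free labels, e.g. '*.com'.
    Heuristic only: it does not know about suffixes such as co.uk."""
    flagged = []
    for name, pattern in entries:
        fixed = [p for p in pattern.split(".") if p and "*" not in p]
        if len(fixed) < min_fixed_labels:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    entries = domain_entries(SAMPLE)
    for host in ("www.corda.com", "10.0.3.7", "stats.example.org", "anything.com"):
        print(host, "->", matching_entries(host, entries) or "denied")
    print("entries to review:", too_broad(entries))
```

An entry such as *.com reopens the server to the outside callbacks the allowlist is meant to block, so any name this check flags deserves a second look.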

To add permission to read from a specified local path

1. Log in to the Administration Console and go to the Security > Path / URL Permissions screen.

The text box on this screen contains the contents of the path.xml file. You can edit the file directly in this text box.

2. Copy the following text and paste it immediately above the last line:

<Map Name="Read" Path="./path" Action="Load"/>

Note: This text is different from the text that appears in the Administration Console.

3. Replace Read (the value of the Name attribute) with the name you wish to give to this mapping.

This name is for descriptive purposes only, and is entirely up to you. In fact, this step is entirely optional.

4. Replace ./path (the value of the Path attribute) with the local path that you want to allow PopChart Server to read from.

If you precede the path with ./, PopChart Server will assume it to be relative to the document root. Otherwise, it will assume the path to be an absolute path, accessible to the machine that PopChart Server is running on. You can also put a wildcard at the end of a path to indicate that PopChart Server has permission to read from any of the path's subdirectories.

For example, if you set this value to F:\InetPub\mydata\*, you are giving PopChart Server permission to read anything from the F:\InetPub\mydata directory, as well as any of its subdirectories. If you set this value to ./data, you are giving PopChart Server permission to read from the data directory in the document root, but none of its subdirectories.

5. Click Apply to apply your changes. You do not need to restart PopChart Server.
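The rules in step 4 (./ is relative to the document root, a trailing * includes subdirectories, no wildcard means that directory only) can be tested against sample file paths with the added example below, which is not PopChart Server's own code. DOC_ROOT is a placeholder, and normalizing paths before comparison is this example's choice, not documented server behavior.

```python
import ntpath  # Windows path rules, usable on any OS

DOC_ROOT = r"C:\example\docroot"  # placeholder; the page gives no real path

def parse_rule(rule_path, doc_root=DOC_ROOT):
    """Return (normalized directory, covers_subdirectories) for a Load Path."""
    recursive = rule_path.endswith("*")
    base = rule_path[:-1] if recursive else rule_path
    if base.startswith("./"):
        # "./" means relative to the document root
        base = ntpath.join(doc_root, base[2:])
    return ntpath.normcase(ntpath.normpath(base)), recursive

def may_read(file_path, rule_path, doc_root=DOC_ROOT):
    """True if file_path falls under the directory the rule authorizes."""
    base, recursive = parse_rule(rule_path, doc_root)
    # Collapse ".." and mixed slashes before comparing, so a path cannot
    # start inside the allowed directory and then climb out of it.
    target = ntpath.normcase(ntpath.normpath(file_path))
    parent = ntpath.dirname(target)
    if parent == base:
        return True
    # Compare with a trailing separator so "mydata2" is not taken for
    # a subdirectory of "mydata".
    return recursive and parent.startswith(base.rstrip("\\") + "\\")

if __name__ == "__main__":
    # Constructed sample paths.
    checks = [
        (r"F:\InetPub\mydata\2024\q1\report.xml", r"F:\InetPub\mydata\*"),
        (r"F:\InetPub\mydata\..\secret\report.xml", r"F:\InetPub\mydata\*"),
        (r"F:\InetPub\mydata2\report.xml", r"F:\InetPub\mydata\*"),
        (r"C:\example\docroot\data\sales.xml", "./data"),
        (r"C:\example\docroot\data\old\sales.xml", "./data"),
    ]
    for path, rule in checks:
        print("allow" if may_read(path, rule) else "deny ", rule, "<-", path)
```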