Re: [announcement] Longwell 1.1 released

From: Ryan Lee <>
Date: Fri, 11 Mar 2005 10:54:13 -0500

J. Steven Hughes wrote:
> Hi Ryan,
> What are the security risks associated with running Longwell? We are
> behind a firewall and need to justify opening a port for outside access.
> thanks,
> steve

To follow up on Stefano's advice, there are some general practices
(which you likely know, but they're good enough to bear repeating) and
some application-specific notes to be aware of.

In Longwell, to avoid unwanted data being piped into your repository,
make sure allowAdd and scutter.enabled are both false in your configuration file. They both default to false if not

Generally, one good way to protect yourself is to make sure the servlet
container running Longwell runs under an unprivileged user. Any
potential breach would be restricted to what that user can access -
given that your machine is secured against normal users usurping root

Ryan Lee       
W3C Research Engineer    +1.617.253.5327
Received on Fri Mar 11 2005 - 15:53:10 EST

This archive was generated by hypermail 2.3.0 : Thu Aug 09 2012 - 16:39:17 EDT