Your Novell Filr system should be located behind your firewall. If Filr users want to access the Filr site from outside your firewall, you should set up a proxy server outside your firewall to provide access. You can use NetIQ Access Manager to protect your Filr site, as described in Section 1.8, Changing Reverse Proxy Configuration Settings.
The Filr site is initially installed to allow administrator access by using the user name admin and the password admin. The Filr administrator password should be changed immediately after installation, as described in Section 3.2, Changing the Filr Administrator User ID or Password.
Cross-site scripting (XSS) is a client-side computer attack that is aimed at web applications. Because XSS attacks can pose a major security threat, Novell Filr contains a built-in security filter that protects against XSS vulnerabilities. This security filter is enabled by default.
The following sections describe the types of content that the security filter blocks from the Filr site, the areas where it blocks that content from entering, and how you can disable the security filter or enable specific users to bypass it.
By default, the XSS security filter in Filr is very strict, and does not allow users to add certain types of content. For example, the following content is not permitted:
HTML that contains JavaScript
Forms
Frames
Objects
Applets
Filr filters the types of content discussed in "Understanding What Content Is Not Permitted" in the following areas:
Text and HTML fields in entries and folders
Uploaded HTML files
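The following sketch is an added example, not Filr's own filter code. It scans the text of an HTML field or an uploaded HTML file and reports which of the content types listed above it contains. The mapping of element names to those categories, the function and class names, and the sample document are assumptions made for this illustration.

```python
from html.parser import HTMLParser

# Assumed mapping of HTML elements to the content categories listed above.
BLOCKED_TAGS = {
    "script": "JavaScript",
    "form": "Forms",
    "frame": "Frames", "frameset": "Frames", "iframe": "Frames",
    "object": "Objects",
    "applet": "Applets",
}
URL_ATTRS = {"href", "src", "action", "formaction", "data"}

class BlockedContentScanner(HTMLParser):
    """Collects (line, category, detail) findings; the input is not rewritten."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def _report(self, category, detail):
        self.findings.append((self.getpos()[0], category, detail))

    def handle_starttag(self, tag, attrs):
        # The parser lowercases tag and attribute names and decodes
        # character references in attribute values before calling this.
        if tag in BLOCKED_TAGS:
            self._report(BLOCKED_TAGS[tag], f"<{tag}>")
        for name, value in attrs:
            if name.startswith("on"):
                self._report("JavaScript", f"{name} handler on <{tag}>")
            elif name in URL_ATTRS and value:
                # Drop whitespace and control characters before the scheme check.
                compact = "".join(c for c in value if c > " ").lower()
                if compact.startswith("javascript:"):
                    self._report("JavaScript", f"javascript: URL in {name} on <{tag}>")

def scan(html_text):
    scanner = BlockedContentScanner()
    scanner.feed(html_text)
    scanner.close()
    return scanner.findings

# Constructed sample document (not taken from a Filr system).
SAMPLE = """<p>Quarterly notes</p>
<a href="Java&#x53;cript:void(0)">link</a>
<img src="logo.png" onload="track()">
<form action="/post"><input name="q"></form>
<IFRAME src="https://example.com/"></IFRAME>
<object data="movie.swf"></object>
<applet code="Clock.class"></applet>
<script>var x = "<form>";</script>
"""
```

The text inside the `<script>` element is not parsed as markup, so the `<form>` string in the last line of the sample is reported once as JavaScript and not as a form.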
Filr enables you to run an XSS report that lists XSS threats that are contained in your Filr system. For more information, see Section 28.2.12, XSS Report.