Users are authenticated |
Yes |
Administrative users are authenticated via eDirectory™ (or PAM on Linux) and are authorized for access if they have write rights to the configuration file in the product directory (SYS:\qfsearch on NetWare® and /var/lib/qfsearch on Linux). |
Servers, devices, and/or services are authenticated |
No |
|
Access to information is controlled |
Yes |
Access to the administrative interface is restricted to valid users that have write rights to the configuration file in the product directory.
Rights-based search results can be restricted to those that have rights to view them based on the following:
- The files or index are identified as public.
  or
  They are a valid user.
- The index is specified as rights-controlled at the index level and the user has rights to read the index control file.
  or
  The index is specified as rights-controlled at the file or path level and the user has rights to read the file or the path that contains that file.
|
Roles are used to control access |
No |
|
Logging and/or security auditing is done |
Yes |
QuickFinder keeps log files containing the logged-in users’ UserIDs and the incoming IP address. However, the UserIDs are not exposed in the summary reports that are generated. Administrators can create their own exports that expose the UserIDs and IP addresses. |
Data on the wire is encrypted by default |
Yes |
The following data is encrypted on the wire:
- QuickFinder administration via browser UI.
- When logging in (if the administrator specified switching to the HTTPS protocol).
- When crawling HTTPS-based Web sites.
- When synchronizing QuickFinder indexes, configuration settings, and templates to other QuickFinder servers in a server farm (if the administrator specified that the HTTPS protocol be used).
- Any time the user switches the browser’s URL to use the HTTPS protocol.

If crawling a password-protected Web site, but not using the HTTPS protocol, then UserIDs and passwords might be passed in the clear.
|
Data stored is encrypted |
No |
|
Passwords, keys, and any other authentication materials are stored encrypted |
No |
QuickFinder stores the credentials needed to crawl password-protected Web sites in its configuration files. These files are stored in the product directory (which should be protected).
Both the UserID and the Password are visible if using the Form-based login method when crawling a Web site. The password is not visible in the UI when using the Basic Authentication method to access password-protected Web sites. |
Security is on by default |
Yes |
|
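
The table ties administrative access to write rights on the configuration file and notes that crawl credentials sit unencrypted in the product directory. The following check is an added example, not code from the QuickFinder documentation or product: it audits that directory's mode bits on Linux. The function name `audit_product_dir` and the finding labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Novell's code): audit the QuickFinder product directory.
# Default path is the Linux location named on the page; pass another to override.
# Usage: audit_product_dir /var/lib/qfsearch

# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 if missing.
audit_product_dir() {
    dir=${1:-/var/lib/qfsearch}
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir" >&2
        return 2
    fi
    findings=$(
        # Write rights to the configuration file confer admin access, so
        # every extra writer is effectively an administrator.
        find "$dir" \( -type f -o -type d \) -perm -002 \
            -exec printf 'WORLD_WRITABLE %s\n' {} \;
        find "$dir" \( -type f -o -type d \) -perm -020 \
            -exec printf 'GROUP_WRITABLE %s\n' {} \;
        # Crawl credentials are stored unencrypted, so world-readable
        # files can disclose them to any local account.
        find "$dir" -type f -perm -004 \
            -exec printf 'WORLD_READABLE %s\n' {} \;
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

A `GROUP_WRITABLE` finding is not necessarily a fault, but the membership of that group should match the intended set of QuickFinder administrators.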