The following table contains a summary of the security features of QuickFinder:
Table 15-1 QuickFinder Security Features

Feature | Yes/No | Details |
---|---|---|
Users are authenticated | Yes | Administrative users are authenticated via PAM (and possibly eDirectory) and authorized access if they have write rights to the configuration file in the product directory (/var/lib/qfsearch). |
Servers, devices, and/or services are authenticated | No | |
Access to information is controlled | Yes | Access to the administrative interface is restricted to valid users that have write rights to the configuration file in the product directory. Rights-based search results can be restricted to those that have rights to view them based on the following: |
Roles are used to control access | No | |
Logging and/or security auditing is done | Yes | QuickFinder keeps log files containing the logged-in users’ UserIDs and the incoming IP address. However, the UserIDs are not exposed in the summary reports that are generated. Administrators can create their own exports that expose the UserIDs and IP addresses. |
Data on the wire is encrypted by default | Yes | The following data is encrypted on the wire: |
Data stored is encrypted | No | |
Passwords, keys, and any other authentication materials are stored encrypted | No | QuickFinder stores the credentials needed to crawl password-protected Web sites in its configuration files. These files are stored in the product directory (which should be protected). Both the UserID and the Password are visible if using the Form-based login method when crawling a Web site. The password is not visible in the UI when using the Basic Authentication method to access password-protected Web sites. |
Security is on by default | Yes | |
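
The table ties administrative authorization to write rights in the product directory and notes that crawl credentials are stored there unencrypted, so file permissions on /var/lib/qfsearch are the effective access control. The following shell function is an added example, not part of the QuickFinder documentation or product; the function name and the WRITE/READ labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not QuickFinder code): audit permissions under the
# QuickFinder product directory named in Table 15-1.
# Assumption: any file below the directory may hold configuration or
# stored crawl credentials, so every file and subdirectory is checked.

# Prints one finding per line as "<LABEL> <path>":
#   WRITE  writable by group or others. Write rights in this directory
#          are what authorize administrative access, so review each one.
#   READ   regular file readable by others. Stored crawl credentials
#          are not encrypted, so read access exposes them.
# Returns 2 if the argument is not a directory, 0 otherwise.
audit_product_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "ERROR: $dir is not a directory" >&2
        return 2
    fi

    # Files and directories writable by group (-020) or others (-002).
    find "$dir" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) \
        -exec printf 'WRITE %s\n' {} \;

    # Regular files readable by others (-004).
    find "$dir" -type f -perm -004 -exec printf 'READ %s\n' {} \;
}

# When run with an argument, audit that directory, for example:
#   sh audit.sh /var/lib/qfsearch
[ "$#" -eq 0 ] || audit_product_dir "$@"
```

An empty result means no file under the directory is writable by group or others or readable by others; group-writable entries can be intentional when a dedicated administrators group is used, so treat WRITE lines as items to review.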