Liferay Session Timeout: The default session timeout is 2 hours (240 minutes). You can lengthen or shorten this by changing the setting in the window of the installer.
Role-Based Access Control: Novell Teaming controls all access to folders and entries by using role-based access controls. See “Adjusting Access Control for the Site” in the Novell Teaming Administration Guide to learn more about the default roles and access settings. Keep in mind that Novell Teaming is intended to be used primarily for the sharing of information, so many default access rights lean toward allowing at least universal read access.
Inbound E-mail: You can configure Novell Teaming to read e-mail and post those e-mail messages as entries in a folder. Because e-mail is inherently insecure, there is no way to be sure that the sender is who they claim to be. Novell Teaming marks the entries posted by e-mail to alert users about their origin.
Web Services are enabled by default: The default Novell Teaming installation allows authenticated access via Web services. If you are not using Web services, you can disable them by deselecting the Enable Web Services option in the window of the installer.
WebDAV Authentication: Authenticated access via WebDAV is via the Basic Authentication mechanism. Because of the weaknesses of Basic Authentication, secure (SSL) connections are recommended.
RSS feed URLs: Because RSS readers are outside of the authentication system, the URL provided by Novell Teaming for an RSS feed embeds some authentication information about the user. This means that the RSS URL must be protected and not shared between users.
For this reason, RSS is not recommended for use on highly sensitive data.
To disable RSS feeds, deselect the option in the window of the installer during initial installation, or run a reconfiguration with the installer to disable RSS feeds after installation.
LDAP (directory service) Proxy User: You can configure Novell Teaming (and the portal) to use information in the LDAP directory service to provide basic user account information (and group memberships). Access to the LDAP server is set up on a configuration page that requires you to specify a username and password for access to the LDAP directory. This user should be created in the LDAP directory service with the minimum number of privileges needed to perform the job. In particular, all LDAP synchronization activities are one-way, so the proxy user only requires read access to the directory. We highly advise that you configure LDAP with a secure SSL connection.
LDAP Directory access is unencrypted by default: See “Secure LDAP/eDirectory Setup” in the Novell Teaming Administration Guide for information about configuring Novell Teaming to use SSL when communicating with the LDAP directory.
File System Repositories contain unencrypted data: See File System Planning for details about how Novell Teaming uses the local file system for data storage. These directories contain uploaded information in various formats (both native file formats and potentially a number of rendered formats, such as cached HTML versions of files, thumbnails, and RSS feeds) as well as archived data.
These files are managed exclusively by the Novell Teaming application software and the file system protections should be set to protect those directories from unauthorized access.
Database access is unencrypted by default: Depending on your local security guidelines, you might want to encrypt the database connections between the Novell Teaming and Portal software and their respective databases. SSL encrypted data between the applications and database servers imposes a performance penalty because of the increased overhead of encrypting and decrypting the retrieved data.
Support for this is highly dependent on the database client drivers and JDBC connector support and how you are configuring your client and server certificates. You should check with the database vendors on how to set up SSL connections on both the client and server sides of the connection. You need to at least update the selections in the Database selection window of the installer. For example, for MySQL you might add useSSL=true&requireSSL=true to the options part of the URL.
Mirrored Folder Proxy User: See Configuring Mirrored Folders in the Novell Teaming 1.0 Administration Guide for more information about the mirrored folder feature.
You can configure Novell Teaming to use server directories (either in the local file system or via file sharing) as repositories for Novell Teaming folders. Because the Novell Teaming application server is accessing those directories, the user ID that the application server runs as acts as a proxy user for all file system access (that is, the file system only sees one user accessing the files on behalf of all Novell Teaming users who have access to the Novell Teaming folder). This proxy user should be used to configure any local file system access (or shared file access) appropriately.
If you configure a mirrored folder to a WebDAV or Microsoft SharePoint* directory, the resource driver is configured to use a proxy username and password. The same access control practices should be applied to these resources as are used with the file system resource driver.
Conferencing account password is stored in configuration file: If you are using Conferencing, the password to a Conferencing account is stored in:
WEB-INF/classes/config/ssf.properties
Password Storage in the Server File System: A number of application accounts and passwords are stored in the file system. These files should be protected against unauthorized access on the server.
The installer.xml file contains a majority of the account and password information. You should protect this file accordingly. The installer’s option uses this information to create and update a number of configuration files within the application software directory tree. These files are outlined below:
Database user IDs and passwords for the portal and Novell Teaming software are stored in XML files in the following directories:
conf/Catalina/localhost/ssf.xml (Novell Teaming)
conf/Catalina/localhost/ROOT.xml (Liferay Portal)
Mirrored folder resource drivers for WebDAV/SharePoint shares store the proxy usernames and passwords in:
WEB-INF/classes/config/ssf.properties
The e-mail access settings (both inbound and outbound) might contain usernames and passwords for authentication (such as authenticated SMTP). These are stored in:
conf/Catalina/localhost/ssf.xml (Novell Teaming)
conf/Catalina/localhost/ROOT.xml (Liferay Portal)
Some application accounts and passwords are stored in the database. These are protected by application access controls, but are available if access to the database is obtained through other means, such as an LDAP proxy user and password.
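The files named above as holding account passwords, and the MySQL SSL options mentioned under database access, can be checked mechanically. The shell script below is an added example, not part of the Novell documentation. Its assumptions: the policy that these files carry no group or other permission bits, a Tomcat-style url="jdbc:mysql:..." attribute in the context XML, and all function names and sample values.

```shell
#!/bin/sh
# Added example (not from the Novell guide). Policy assumption: credential
# files should carry no group/other permission bits.

# Octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# 0 if no group/other bits are set (mode ends in 00), 1 otherwise.
is_private() {
    case "$(file_mode "$1")" in 0|*00) return 0 ;; *) return 1 ;; esac
}

# 0 if every jdbc:mysql URL in the file has both SSL options (matches the
# XML-escaped "&amp;" form too), 1 if any URL lacks one, 2 if no MySQL URL.
jdbc_requires_ssl() {
    urls=$(grep -o 'jdbc:mysql:[^"]*' "$1") || return 2
    printf '%s\n' "$urls" | while IFS= read -r u; do
        case "$u" in *useSSL=true*) ;; *) exit 1 ;; esac
        case "$u" in *requireSSL=true*) ;; *) exit 1 ;; esac
    done
}

# Audit each path; print one line per finding, return the finding count.
audit() {
    findings=0
    for f in "$@"; do
        [ -f "$f" ] || { echo "MISSING $f"; continue; }
        if ! is_private "$f"; then
            echo "PERMS   $f (mode $(file_mode "$f"))"; findings=$((findings + 1))
        fi
        ssl_rc=0; jdbc_requires_ssl "$f" || ssl_rc=$?
        if [ "$ssl_rc" -eq 1 ]; then
            echo "NO-SSL  $f"; findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: a world-readable context file with a non-SSL JDBC URL.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/conf/Catalina/localhost" || return 1
    printf '%s\n' '<Resource url="jdbc:mysql://db.example/teaming?useUnicode=true"/>' \
        > "$d/conf/Catalina/localhost/ssf.xml"
    chmod 644 "$d/conf/Catalina/localhost/ssf.xml"
    echo "$d/conf/Catalina/localhost/ssf.xml"
}

# With arguments, audit them; without, audit the constructed sample.
if [ $# -gt 0 ]; then audit "$@" || true; else audit "$(make_sample)" || true; fi
```

Pass the real locations of installer.xml, ssf.xml, ROOT.xml and ssf.properties as arguments; the exit status is the number of findings.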