From 308bcf868c0a5bce9e1683c807ea43f10c3dc30e Mon Sep 17 00:00:00 2001 From: "David M. Johnson" Date: Sun, 8 Sep 2024 16:18:48 -0400 Subject: [PATCH] Safer defaults for trust-users and file uploads, plus install guide changes. --- .../roller/weblogger/config/roller.properties | 3 ++ .../weblogger/config/runtimeConfigDefs.xml | 4 +- docs/roller-install-guide.adoc | 51 ++++++++++--------- 3 files changed, 33 insertions(+), 25 deletions(-) diff --git a/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties b/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties index 2d439eaa8e..119bd9a78f 100644 --- a/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties +++ b/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties @@ -342,6 +342,9 @@ authentication.method=db # Enables HTTPS for login page only securelogin.enabled=false +# With this settings, all users will have HTML posts sanitized. +weblogAdminsUntrusted=true + # Empty value used for passphrase in roller_user table when LDAP or CMA used; # openid presently generates a random (long) password string instead. users.passwords.externalAuthValue= diff --git a/app/src/main/resources/org/apache/roller/weblogger/config/runtimeConfigDefs.xml b/app/src/main/resources/org/apache/roller/weblogger/config/runtimeConfigDefs.xml index f67b65c04f..0071170338 100644 --- a/app/src/main/resources/org/apache/roller/weblogger/config/runtimeConfigDefs.xml +++ b/app/src/main/resources/org/apache/roller/weblogger/config/runtimeConfigDefs.xml @@ -199,7 +199,7 @@ boolean - true + false string @@ -230,7 +230,7 @@ boolean - true + false diff --git a/docs/roller-install-guide.adoc b/docs/roller-install-guide.adoc index 5b9381ec57..c89c04c2bb 100644 --- a/docs/roller-install-guide.adoc +++ b/docs/roller-install-guide.adoc 
@@ -42,29 +42,34 @@ some recommendations for keeping your Roller installation secure: * *Perform Roller installation on a secure network*. When you are installing Roller it is possible for other users to interfere with your installation. If other users have access to the server, one of them -could create the admin account before you do. So, when you install -Roller, do so on a server that cannot be accessed by others. -* *Do not allow open registration of new users*. Roller can offer a -registration link so that new users can register themselves, but this -feature is turned off because it is not safe to allow just anybody to -register for an account on your blog server. If you want to turn it on, -login as an administrative user, go to Roller’s Server Administration -page and enable the *Allow New Users* option. -* *Enable HTML Sanitization*. If you cannot trust the webloggers who -will use your Roller site to author HTML, then you should configure -Roller to sanitize all HTML published by the system. Do this by setting -the _weblogAdminsUntrusted=true_ property in your -_roller-custom.properties_ file. -* *Do not allow File Uploads*. By default Roller allows users to upload -files for display on their blogs. If don't trust your users, this is unsafe -and you should disable File Uploads via the Server Administration page. -* *Do not allow HTML in comments*. Roller can allow users to write -comments in a safe-subset of HTML, but HTML use in comments is not -allowed at all because of security concerns with even a so called -safe-subset of HTML. If you want to turn it on, login as an -administrative user, go to Roller’s Server Administration page, enable -the *Allow html in comments* option and make sure the *HTML Subset -Restriction* box is checked. +could attempt to access the Roller database or files while you are +installing Roller. To prevent this, install Roller on a secure network +or at a time when other users are not using the server. 
+ +* *Do not allow new user registrations*. By default, Roller allows new +users to register themselves. This is convenient, but it also means that +anyone can create an account on your Roller site. If you do not want +this, go to the Server Administration page and disable the *Allow New +Users* option. + +* *Sanitize all HTML*. By default, Roller sanitizes all HTML published by the system to ensure that user posts are safe and free from malicious content. This is controlled by the _weblogAdminsUntrusted=true_ property in your _roller-custom.properties_ file. + +* *Do not allow custom themes*. By default, Roller does not allow users to +create custom themes. You can enable this via the Server Admin page, but +don't do it unless you trust your users because it can allow users to +create custom themes that can be used to compromise your site. + +* *Do not allow File Uploads*. By default, Roller does not allow users to upload +files for display on their blogs. If you trust your users, then you can enable +file uploads via the Server Admin page. + +* *Do not allow HTML in comments*. By default, Roller does not allow users to write +comments in HTML due to security concerns. This setting helps prevent potential +security issues related to HTML content in comments. + +By following these recommendations, you can help ensure that your Roller +installation remains secure and protected from common web vulnerabilities. + * *Run Roller over SSL connection*. If you run Roller over a plain old HTTP connection, it is possible for others to snoop your password when you login, for example over an open WIFI network. To configure Roller to
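Review bot: Typo in the new comment added to roller.properties: "With this settings" should read "With this setting". Since this hunk makes sanitization the shipped default, the comment should also state the opt-out path for sites that do trust their webloggers, e.g. "# Set weblogAdminsUntrusted=false in roller-custom.properties to allow trusted users to publish unsanitized HTML", so the override is documented next to the default rather than only in the install guide.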
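Review bot: The two default flips from `true` to `false` in runtimeConfigDefs.xml (the hunks at lines 199 and 230) carry no surrounding context in this diff that names the property definition each one belongs to, so a reviewer cannot confirm that they are the file-upload and trust-related settings the subject line describes; please expand the hunk context or name the two properties in the commit message so the change can be checked against the install guide's new statement that "By default, Roller does not allow users to upload files".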
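Review bot: In the roller-install-guide.adoc hunk, the new "Do not allow new user registrations" bullet says "By default, Roller allows new users to register themselves", which reverses the removed text ("this feature is turned off") and runs against the patch's stated goal of safer defaults; please confirm which default actually ships and word the bullet to match. The closing paragraph "By following these recommendations, you can help ensure that your Roller installation remains secure" is inserted before the "Run Roller over SSL connection" bullet, splitting the list in two; move it after the last bullet. The "Sanitize all HTML" bullet should say that the default is now set in roller.properties and that roller-custom.properties is the place to override it, since as written it implies the administrator must add the property themselves. Two pieces of guidance were dropped and are worth keeping: the "Do not allow HTML in comments" bullet no longer tells administrators who do want HTML comments to enable *Allow html in comments* with the *HTML Subset Restriction* box checked, and the secure-network bullet lost its concrete risk (another user creating the admin account before you do), which was more specific than the new "attempt to access the Roller database or files".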