18.23 Security Scan Risk Reports

Running regular security scans on your network is critical to security administration. Security is a top priority for the Filr development team.

Occasionally, reputable security scanning software reports risks that the Filr team considers to be less significant than reported. The following are specific examples:

  • PHP as a Security Vulnerability: Although in many cases the presence of PHP scripts is a legitimate concern, in the case of Filr, there is no PHP access without first authenticating through port 9443. Since access through port 9443 is secure by definition, Filr’s PHP implementation is secure.

  • Diffie-Hellman 1024 Keys: If you run a Nessus or equivalent security scan, you might receive a report of Medium Risk associated with Diffie-Hellman 1024-bit keys.

    The Filr team is aware of this and is considering increasing the key size in a future release. At this time, however, the team does not feel that this is a significant threat to Filr installations; breaking 1024-bit keys requires computing resources that only a nation-state would have at its disposal.

    If you are concerned or feel that your organization might be vulnerable to nation-state attacks, you can specify a stronger key through the Java security policy.
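As an added check that is not part of the Filr documentation, the POSIX shell script below parses the `Server Temp Key` line that `openssl s_client` prints after a handshake and flags ephemeral DH groups smaller than 2048 bits, which is the condition behind the scanner's Medium finding; the host name and the helper function names are assumptions, and the sample output is constructed.

```shell
#!/bin/sh
# Added example (not Filr's own code): detect a finite-field DH group below
# 2048 bits on a TLS endpoint such as Filr's port 9443.

# Reads `openssl s_client` output on stdin and prints the ephemeral DH group
# size in bits, or "none" when the handshake used ECDHE/X25519 or no temp key.
dh_bits_from_s_client() {
  bits=$(sed -n 's/^Server Temp Key: DH, \([0-9][0-9]*\) bits$/\1/p' | head -n 1)
  if [ -n "$bits" ]; then printf '%s\n' "$bits"; else printf 'none\n'; fi
}

# Maps a group size to a verdict: "weak" below 2048 bits, "ok" otherwise,
# "no-dhe" when no finite-field DH group was negotiated at all.
dh_rating() {
  case "$1" in
    none) printf 'no-dhe\n' ;;
    *)    if [ "$1" -lt 2048 ]; then printf 'weak\n'; else printf 'ok\n'; fi ;;
  esac
}

# Live check against host and port (hypothetical helper; needs network access).
# Usage: check_dh_group filr.example.com 9443
check_dh_group() {
  bits=$(openssl s_client -connect "$1:$2" </dev/null 2>/dev/null | dh_bits_from_s_client)
  dh_rating "$bits"
}

# Rates a captured s_client transcript passed as a string (used for offline tests).
rate_sample() {
  dh_rating "$(printf '%s\n' "$1" | dh_bits_from_s_client)"
}

# Constructed sample transcripts shaped like the lines s_client prints after the
# handshake; not captured from a real Filr server.
SAMPLE_DH1024='Server Temp Key: DH, 1024 bits
Server public key is 2048 bit'
SAMPLE_ECDHE='Server Temp Key: X25519, 253 bits
Server public key is 2048 bit'

printf 'DH 1024 sample: %s\n' "$(rate_sample "$SAMPLE_DH1024")"  # → weak
printf 'ECDHE sample:   %s\n' "$(rate_sample "$SAMPLE_ECDHE")"   # → no-dhe
```

Run `check_dh_group <host> 9443` before and after raising the key size; the JDK itself reads the `jdk.tls.ephemeralDHKeySize` system property for this, but which setting Filr's Java security policy exposes is not stated on this page.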