The following sections provides a summary of security-related configuration settings for QuickFinder:
The following table lists the QuickFinder configuration settings that are security-related or impact the security of QuickFinder.
Table 15-2 QuickFinder Security Configuration Settings
|
Configuration Setting |
Possible Value |
Default Value |
Recommended Value for Best Security |
|---|---|---|---|
|
QFind.cfg > MsgDetail |
“Level of detail in indexing logs:” -1 through 5 |
3 |
5 |
|
QFind.cfg > AutoTimeOut |
“Maximum query duration (seconds).” Any integer. |
30 seconds |
15 |
|
QFind.cfg > CheckRights |
“Authorization checking:” Off | Index | ResultItem |
Off |
ResultItem |
|
QFind.cfg > CheckRightsFilePath |
“by Index (Only users that have read access to the following file have access to the index)” Any string value |
Points to /docs/index.html |
A file that is more rights-controlled |
|
QFind.cfg > CheckRightsFilter |
“Unauthorized hits filtered by” Engine | Templates |
Engine |
Engine |
|
QFind.cfg > UserID |
“Basic Authentication: User ID“ Any string value |
“” |
If possible, crawl public only. |
|
QFind.cfg > Password |
“Basic Authentication: Password“ Any string value |
“” |
If possible, crawl public only. |
|
QFind.cfg > AuthFields |
“Form-based Authentication” fields Any string value |
“” |
If possible, crawl public only. |
|
QFind.cfg > LoginURL |
“Alternate Login URLs” Any string value |
“” |
If possible, crawl public only. |
|
QFind.cfg > HTTPHeaders |
“HTTP Headers:” any string value |
“” |
“” |
|
QFind.cfg > IndexLocation |
“Location of index files:” Any directory in the file system Any string value |
<qfsearch>/Sites/<VSS name>/indexes/<index name> |
Any directory that is secured. |
|
QFind.cfg > CanBeMirrored |
“Index may be copied to other clustered servers:” true | false |
FALSE |
FALSE |
|
AdminServlet.properties > AdminServlet.RequireSSL |
“Require HTTPS when administering QuickFinder Server:” true | false |
TRUE |
TRUE |
|
AdminServlet.properties > AdminServlet.Authenticate |
“Require authorization when administering QuickFinder Server:” true | false |
TRUE |
TRUE |
|
AdminServlet.properties > AdminServlet.ProductUpdates.Enabled |
“Check for product updates:” true | false |
TRUE |
FALSE |
|
AdminServlet.properties > AdminServlet.ProductUpdates.URL |
Not in UI Any string value |
http://search.novell.com/qfsearch/UpdateServlet |
“” |
|
???????.properties > GeneralServlet.Errors.Enabled QueryLog.Enabled ClusterServices.Log.Enabled |
“Log Enabled” true | false |
TRUE |
TRUE |
|
????????.properties > GeneralServlet.Errors.Destination ClusterServices.Log.Destination |
“Log to:” File | Console | Both |
Both |
Both |
|
???????.properties > GeneralServlet.Errors.LogFile.DeleteOnRestart ClusterServices.Log.DeleteOnRestart |
“New log when services load:” true | false |
TRUE |
FALSE |
|
???????.properties > GeneralServlet.Errors.LogFile.MaxSize ErrorLog.MaxSize ClusterServices.Log.MaxSize |
“Maximum log size (bytes):” Any positive integer |
30000 |
30000 |
|
GeneralServlet.properties > GeneralServlet.Mail.Enabled |
“Enable e-mail services:” true | false |
FALSE |
TRUE |
|
GeneralServlet.properties > GeneralServlet.Mail.SMTPHost |
“Outgoing SMTP Host name:” Any string value |
“” |
The name of the local SMTP mail server. |
|
GeneralServlet.properties > GeneralServlet.Mail.SMTPPort |
“Outgoing SMTP Port #:” Any positive integer |
25 |
The correct port of the local SMTP server. |
|
GeneralServlet.properties > GeneralServlet.Mail.SMTPUserID |
“Outgoing SMTP User ID (optional):” Any string value |
“” |
The UserID of the local SMTP mail server. |
|
GeneralServlet.properties > GeneralServlet.Mail.SMTPPassword |
“Outgoing SMTP Password (optional):” Any string value |
“” |
The password of the local SMTP mail server. |
|
Cluster.properties > ClusterServices.Send.Enabled |
“Will this machine send cluster data:” true | false |
FALSE |
FALSE |
|
Cluster.properties > ClusterServices.Receive.Enabled |
“Will this machine receive cluster data:” true | false |
TRUE |
FALSE |
|
Cluster.properties > ClusterServices.RequireHTTPS |
“Require HTTPS for all cluster communications:” true | false |
FALSE |
TRUE |
|
Cluster.properties > ClusterServices.Authentication.RequireAuthentication |
“Require admin authorization when receiving cluster data:” true | false |
TRUE |
TRUE |
|
SiteList.properties > SiteList.GlobalSite |
“Default location of virtual search servers:” Any string value |
<QFSearch>/sites |
A protected file system location. |
|
SiteList.properties > Monitor.SiteCache.DynamicUpdates |
“Detect manual search server changes:” true | false |
TRUE |
FALSE |
|
SiteList.properties > Monitor.TemplateCache.DynamicUpdates |
“Detect template changes:” true | false |
TRUE |
FALSE |
|
General.properties > Monitor.SiteCache.PurgeSiteSeconds |
Not in UI Defaults to 20 minutes Any non-negative integer |
1200 |
60 |
|
General.properties > QueryLog.Mail.Enabled |
“E-mail log reports:” true | false |
FALSE |
FALSE |
|
General.properties > Recipients |
“...enter recipients...” |
“” |
“” |
|
General.properties > Site.Cluster.Send.Enabled |
“Let Virtual Search Server send cluster data:” true | false |
FALSE |
FALSE |
|
General.properties > Site.Cluster.Send.ClusterNames |
“Name of clusters to send to:” Any string value |
“” |
“” |
|
General.properties > Site.Cluster.Receive.Enabled |
“Let Virtual Search Server receive cluster data:” true | false |
FALSE |
FALSE |
|
General.properties > Response.PotentialHits.Max |
“Refuse queries if potential hits exceed:” Any positive integer. |
10000 |
5000 |
|
Search.properties > Print.properties > Search.Request.NumHits.Max Search.BestBet.NumHits.Max Print.Request.NumHits.Max |
“Maximum number of results per page:” Any positive integer up to “Highest allowed result number:” |
200 5 200 |
100 5 25 |
|
Search.properties > Print.properties > Search.Request.LastHitNum.Max Print.Request.LastHitNum.Max |
“Highest allowed result number:” Any positive integer |
1000 1000 |
200 200 |
|
Search.properties > Print.properties > Search.Templates.Directory Print.Templates.Directory Highlighter.Templates.Directory |
“Templates directory:” Any string value |
<qfsearch>/Templates |
A rights-controlled directory. |
|
Print.properties > Print.Response.PrintSize.Warning |
“Print job size warning (bytes):” Any positive integer |
102400 |
40960 |
|
Print.properties > Print.Response.PrintSize.Max |
“Maximum print job size (bytes):” Any positive integer |
2097152 |
512500 |
|
Security.properties > Security.Authentication.RealmString |
“Authentication realm string:” (Only used if LoginType is set to basic, 0) Any string value |
“QuickFinder Server” |
Best if it matches the Web server’s realm. |
|
Security.properties > Security.LoginType |
Not in UI 0 - login type basic 1 - login type form |
1 |
1 |
|
Security.properties > Security.CheckRightsByDir |
“Check authorization by directory:” true | false |
TRUE |
FALSE |
|
Security.properties > Security.AutoLogoutTime |
“Auto-logout time (minutes):” Any positive integer -1 == never log out |
30 |
5 |
|
Security.properties > Security.RequireHTTPS |
“Require https:” true | false |
TRUE |
TRUE |
The following table lists the configuration settings for other products that impact the security of QuickFinder.
Table 15-3 Configuration Settings for Other Products
|
Product Name |
Configuration Setting |
Default Value |
Recommended Value for Best Security |
|---|---|---|---|
|
PAM |
Rights to the shadow group on Linux |
Not made a member of this group. |
Not made a member of this group, but requires that eDirectory is installed. |