15.2 Security Characteristics

QuickFinder Server communicates using port 80 for normal searches, port 443 for rights-based searches and to log in (controllable by the administrator). QuickFinder also uses port 443 for administration (controllable by the administrator). QuickFinder Server’s Highlighter and Print servlets can use whatever port a URL was originally crawled on.

When crawling a Web site, QuickFinder Engine uses port 80 for most Web sites and port 443 for most HTTPS-based Web sites. However, the actual ports are controlled by each Web site administrator. If a Web site is password-protected, user credentials can be configured by the search administrator when he or she defines the indexes. These credentials are sent with the URLs requested.

When indexing a File System, the QuickFinder Server engine only indexes what it has rights to see. On Linux, it has rights to only the files that the novelwww user (within the www group) has rights to see. QuickFinder cannot control what user is used to run QuickFinder Server; it simply runs with whatever user the Tomcat servlet engine was launched with. QuickFinder also adds the novelwww user to the shadow group, which allows QuickFinder Server and QuickFinder Engine to determine if a user is a valid user through PAM.

When synchronizing indexes, configuration settings, and search templates between QuickFinder servers, QuickFinder Server uses either port 80 or port 443,when communicating, controlled by the administrator. Administrators can also optionally configure the synchronization to require administrator credentials and HTTPS communications.

Anyone that logs in as a valid user via PAM (possibly eDirectory) and has write rights to the specified qfind.cfg file (/var/lib/qfsearch/Sites/qfind.cfg) can administer QuickFinder.

QuickFinder Server was originally designed to be capable of hosting search services for multiple independent organizations (possibly completely different enterprises). After an administrator has gained entry to QuickFinder Manager (through the specific virtual search server he or she has rights to), he or she then has administrative rights to all of the other virtual search servers.

On the searching side, QuickFinder Server does not usually perform rights-based searching. However, using QuickFinder Manager, administrators can configure any index to restrict access to the search results within it (only the ability to see results on the search results pages, not access to them). After an administrator has configured an index to perform rights-based searching, approximately the same logic as for administering the product is performed: users are authenticated by PAM (possibly eDirectory) and individual files are authorized based on users’ individual read rights to various files in the file system.