This section describes the deployment security requirements.
The Red Hat Web Application Framework security design must work under certain assumptions about its deployment environment. Many products exist for protecting private networks from attack, and Red Hat Web Application Framework leverages the guarantees provided by those products.
10.10 Private Network
All transfers between Red Hat Web Application Framework web servers and the database must occur on a private network, since sensitive data may be sent between these servers unencrypted. If this is not possible, all transfers between these servers must occur over SSL.
10.20 Support SSL Hardware
SSL hardware executes the SSL protocol with the client and connects to the web servers over HTTP. The Red Hat Web Application Framework web servers must be able to detect when SSL is in use.
Design Notes: So that the web servers can detect the use of SSL, the SSL hardware must connect to different ports on the web server depending on whether the client connected over plain HTTP (port 80) or SSL (port 443). The web server's direct IP address must be non-routable (i.e. 192.168.*); otherwise clients could connect directly to the web server at port 443 without using SSL. The SSL hardware must provide the ability to present a virtual IP address to clients and translate that address to the web server's IP address.
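The design note above turns into two checks in practice: the web server decides "SSL in use" from the port the SSL hardware connected to, and a deployment check confirms the web server is bound to a non-routable address, since the port-based decision is only safe when clients cannot reach port 443 directly. The following is an added illustration, not code from the Red Hat Web Application Framework; the port constants, the `ForwardedRequest` type and the function names are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Ports the SSL hardware connects to on the web server, per the design note:
# plain-HTTP clients are forwarded to 80, SSL-terminated clients to 443.
HTTP_PORT = 80
SSL_PORT = 443

# Address ranges the web server may legitimately be bound to. The design note
# cites 192.168.*; the other RFC 1918 ranges and loopback are added here as an
# assumption about what "non-routable" covers.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


@dataclass
class ForwardedRequest:
    """A connection as the web server sees it after the SSL hardware (hypothetical type)."""
    local_port: int   # port on the web server that the SSL hardware connected to
    peer_ip: str      # address the connection arrived from (the SSL hardware's address)


def request_is_secure(req: ForwardedRequest) -> bool:
    """The web server infers 'SSL in use' solely from the local port, as the note prescribes."""
    return req.local_port == SSL_PORT


def address_is_non_routable(ip: str) -> bool:
    """True when the address falls inside one of the NON_ROUTABLE ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in NON_ROUTABLE)


def check_web_server_binding(bind_ip: str) -> list:
    """Deployment check: the port-based SSL detection is unsafe if the web server
    is reachable from clients, because a client could open a plain-HTTP
    connection to port 443 and be treated as secure. Returns a list of findings;
    an empty list means the binding is acceptable."""
    findings = []
    if not address_is_non_routable(bind_ip):
        findings.append(
            f"web server bound to routable address {bind_ip}: clients could reach "
            f"port {SSL_PORT} directly and bypass SSL")
    return findings


if __name__ == "__main__":
    # Constructed sample connections: one forwarded by the SSL hardware after
    # terminating SSL, one forwarded for a plain-HTTP client.
    for req in (ForwardedRequest(SSL_PORT, "192.168.1.2"),
                ForwardedRequest(HTTP_PORT, "192.168.1.2")):
        print(f"port {req.local_port}: secure={request_is_secure(req)}")
    for ip in ("192.168.1.10", "198.51.100.7"):
        print(ip, check_web_server_binding(ip) or "ok")
```

Run the deployment check against the address the web server actually listens on; if it reports a finding, the SSL hardware's virtual-IP translation is not the only path to the web server and the port-based detection cannot be trusted.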
10.30 Support Multiple Servers
In a multi-server system, only the server that authenticates the user has access to data derived from the user's credentials (such as an encryption key derived from a password). When secure, the system must employ mechanisms that minimize the amount of re-authentication required of the user.
Design Notes: The system could use server-stickiness to avoid requesting that the user re-login to multiple servers. Alternatively, the servers could share data using a shared cache.
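The two mechanisms named in the design note, server stickiness and a shared cache, can be contrasted with a small model of a multi-server deployment. This is an added example, not framework code: the PBKDF2 key derivation, the `SharedCache` class (a dictionary standing in for a real shared cache), the `WebServer` class and the hash-based stickiness function are all assumptions chosen for illustration.

```python
import hashlib

SERVERS = ["web1", "web2", "web3"]  # constructed server names


def derive_key(password: str, salt: bytes) -> bytes:
    """Credential-derived data: only the server that saw the password can compute it.
    PBKDF2-HMAC-SHA256 is an assumption; the page does not specify a derivation."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=32)


def sticky_server(session_id: str, servers: list) -> str:
    """Server stickiness: map a session deterministically to one server so every
    request for that session reaches the server that authenticated the user."""
    digest = hashlib.sha256(session_id.encode()).digest()
    return servers[int.from_bytes(digest[:4], "big") % len(servers)]


class SharedCache:
    """Shared cache alternative: every server can read the derived key for a
    session. Because it holds credential-derived data, in a real deployment it
    must live on the private network required by 10.10."""

    def __init__(self):
        self._entries = {}

    def put(self, session_id: str, key: bytes) -> None:
        self._entries[session_id] = key

    def get(self, session_id: str):
        return self._entries.get(session_id)

    def evict(self, session_id: str) -> None:
        self._entries.pop(session_id, None)


class WebServer:
    """A web server that keeps derived keys locally and, if a shared cache is
    configured, publishes them there as well."""

    def __init__(self, name: str, cache=None):
        self.name = name
        self.cache = cache
        self._local_keys = {}

    def login(self, session_id: str, password: str, salt: bytes) -> bytes:
        key = derive_key(password, salt)
        self._local_keys[session_id] = key
        if self.cache is not None:
            self.cache.put(session_id, key)
        return key

    def handle(self, session_id: str) -> tuple:
        """Return ('ok', key) when this server can serve the session without
        re-authentication, or ('reauth', None) when it must ask the user to log in again."""
        key = self._local_keys.get(session_id)
        if key is None and self.cache is not None:
            key = self.cache.get(session_id)
        return ("ok", key) if key is not None else ("reauth", None)


def simulate(use_shared_cache: bool) -> str:
    """Log in on one server, then route the next request to a different server.
    Returns 'ok' or 'reauth' depending on whether the second server had the key."""
    cache = SharedCache() if use_shared_cache else None
    servers = {name: WebServer(name, cache) for name in SERVERS}
    session_id, salt = "sess-constructed-0001", b"constructed-salt"
    servers["web1"].login(session_id, "example-password", salt)
    status, _ = servers["web2"].handle(session_id)
    return status


if __name__ == "__main__":
    print("no shared cache, request lands on another server:", simulate(False))
    print("shared cache:", simulate(True))
    sid = "sess-constructed-0001"
    print("sticky routing sends", sid, "to", sticky_server(sid, SERVERS), "every time")
```

Stickiness keeps the derived key on a single server and needs no shared secret store, but loses the session if that server goes away; the shared cache survives server loss at the cost of replicating credential-derived data, which is why it belongs on the private network.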