Security policies and filters

You can configure a number of policies and filters in Alfresco Share to mitigate security attacks.
Important: Cross-Site Request Forgery (CSRF) and Alfresco

The Open Web Application Security Project (OWASP) describes Cross-Site Request Forgery (CSRF) as a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site for which the user is currently authenticated (see the Cross-Site Request Forgery Prevention Cheat Sheet).

The Share application must be accessible on the network to be available to users, and so it is protected with a CSRF filter.

If you want to protect those areas against CSRF attacks, you need to implement a solution similar to one of those listed on the CSRF prevention cheat sheet. Of particular interest is a solution based on Apache with mod_csrf, because of its efficiency and its loose coupling with the applications it protects.
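
The kind of check such a solution performs, shown as an added example: a per-session token comparison combined with an Origin/Referer check, two of the techniques the OWASP cheat sheet describes. This is not Alfresco's filter or mod_csrf code; the header name `X-CSRF-Token`, the function names, the host `share.example.com` and the token value are assumptions made for the illustration.

```python
import hmac
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}      # must never change state
TOKEN_HEADER = "x-csrf-token"                  # hypothetical header name
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url):
    """Return (scheme, host, port) for a URL, or None if it has no usable origin."""
    try:
        parts = urlsplit(url)
        port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    except ValueError:                         # malformed port
        return None
    if not parts.scheme or not parts.hostname:
        return None                            # e.g. the literal Origin value "null"
    return parts.scheme, parts.hostname, port


def csrf_check(method, headers, session_token, trusted_origin):
    """Decide one request; returns (allowed, reason)."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    if not session_token:
        return False, "no session token"
    h = {k.lower(): v for k, v in headers.items()}
    # Prefer Origin; fall back to Referer when the browser omits it.
    source = h.get("origin") or h.get("referer")
    if source is not None and origin_of(source) != origin_of(trusted_origin):
        return False, "cross-origin request"
    sent = h.get(TOKEN_HEADER, "")
    # Constant-time comparison so the token cannot be guessed via timing.
    if not hmac.compare_digest(sent.encode(), session_token.encode()):
        return False, "token missing or wrong"
    return True, "token matches"


if __name__ == "__main__":
    # Constructed sample requests against a constructed host and token.
    trusted, token = "https://share.example.com", "constructed-session-token"
    samples = [
        ("GET", {}),
        ("POST", {"Origin": "https://other.example", "X-CSRF-Token": token}),
        ("POST", {"Origin": trusted}),
        ("POST", {"Referer": trusted + ":443/share/page", "X-CSRF-Token": token}),
    ]
    for method, hdrs in samples:
        print(method, hdrs, "->", csrf_check(method, hdrs, token, trusted))
```

The check only holds if safe methods really are side-effect free in the protected application; any state change reachable through GET bypasses it.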

When setting up a production Alfresco instance, you should ensure that /alfresco is protected behind a firewall.