Security policies and filters

You can configure a number of policies and filters in Alfresco Share to mitigate security attacks.
Important: Cross-Site Request Forgery (CSRF) and Alfresco

The Open Web Application Security Project (OWASP) describes Cross-Site Request Forgery (CSRF) as a type of attack that occurs when a malicious website, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site for which the user is currently authenticated (see the OWASP Cross-Site Request Forgery Prevention Cheat Sheet).

Currently, the only web-accessible part of the Alfresco product that has CSRF protection is /share. The Share application must be accessible on the network to be available to users, and so it is protected with a CSRF filter.

Other parts of the product, such as /alfresco, /solr, and /solr4, do not have CSRF protection. This includes, for example, the Repository Admin Console. Ideally, you should not expose your Solr server to the Internet at all; place it behind a proxy server so that it is reachable only from inside your network. For more information on CSRF prevention, see the OWASP CSRF Prevention Cheat Sheet.

When setting up a production Alfresco instance, you should ensure that /alfresco is protected behind a firewall.
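As an added illustration (not part of the Alfresco documentation), the following nginx reverse-proxy configuration publishes only /share, the one context that has a CSRF filter, while keeping /alfresco reachable solely from an assumed internal network (10.0.0.0/8) and refusing /solr and /solr4 entirely; the backend address, hostname and network range are assumptions.

```nginx
# Added example: nginx in front of a single Alfresco Tomcat on 127.0.0.1:8080.
# Hostname, backend address and the internal range 10.0.0.0/8 are assumptions.
server {
    listen 443 ssl;
    server_name alfresco.example.com;   # assumed external hostname
    # ssl_certificate / ssl_certificate_key omitted for brevity

    # /share is the only context protected by a CSRF filter: expose it to users.
    location /share/ {
        proxy_pass http://127.0.0.1:8080/share/;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # /alfresco (repository, including the Repository Admin Console) has no
    # CSRF protection: allow it only from the internal network.
    location /alfresco/ {
        allow 10.0.0.0/8;
        deny all;
        proxy_pass http://127.0.0.1:8080/alfresco/;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # /solr and /solr4 have no CSRF protection and are never needed by end
    # users: refuse them at the edge rather than forwarding them to Tomcat.
    location ~ ^/solr4?/ {
        deny all;
    }

    # Anything that is not an explicitly published context is not forwarded.
    location / {
        return 404;
    }
}
```

Because the CSRF filter in /share compares the Origin and Referer headers of a request against the address users reach Share on, pass the external scheme and host through as shown when TLS terminates at the proxy, and verify from outside the network that /alfresco and /solr really are unreachable after deploying the configuration.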