This document provides an overview of how Jeeves helps you to provide a secure web site, and discusses each of the key mechanisms provided in the current release.
Services shared by many people need to defend against a variety of problems. The solutions to these problems are often lumped together as "security". One of the most effective ways to understand what this "security" does for you is to describe the kinds of threats or attacks your website can defend against.
At a high level, Jeeves allows you to defend your website against these (and other) kinds of attacks:
Each website has a security policy which defines "how secure this site needs to be". (Sometimes it's not very well articulated!) A security policy talks about more than just "how to secure this website". It also talks about the kinds of risks that are acceptable, and those which are not. There will always be risks that you deem to be acceptable. Consider your home: just how determined must a burglar be to get access and steal your silverware? Many people don't defend against burglars willing to break windows to get in. Even among those which defend against such burglars, not everyone needs the same degree of paranoia. The same kind of "risk versus reward" tradeoffs need to be made on your website too.
That security policy is implemented by your website administrator. He (or she) uses the web server software and other tools such as operating system security, and physical security controlling access to the server and to its backup media. Your site (the service provider, and its users) needs to trust both the administrator and the web server software to maintain your security policy. Untrustworthy staff is the number one security risk in any organization. You can never trust only software mechanisms, since they can be overridden.
Jeeves can't help you find a website administrator that you can trust not to violate your security (or that of your clients). Nor can Jeeves help you keep users from being given more trust than they really deserve. However, we do provide a number of mechanisms that a trusted administrator can use to secure your site against common website security threats.
The current release of Jeeves supports a variety of security mechanisms to help you secure your website:
HTTP supports "Basic Authentication". To get access to a particular web page, you must authenticate and then pass an access control check. Jeeves supports this "Basic" authentication scheme, using Access Control Lists (described later) to control access. However, there are two well-recognized problems with this standard HTTP mechanism, which will be addressed (in later releases) by providing better authentication mechanisms:
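The two-step sequence just described (authenticate with the "Basic" credentials, then consult an Access Control List before serving the page) can be seen end to end in the following added example. It is illustrative code written for this page in Python, not Jeeves' own implementation; the user table, group membership, ACL entries, realm name and request headers are all constructed sample data.

```python
"""Added example: HTTP Basic authentication gated by an access control list.

Illustrative code written for this page, not Jeeves' own implementation.
The user table, groups, ACL and realm name below are constructed samples.
"""
import base64
import hashlib
import hmac

REALM = "example-realm"  # assumed realm name sent in the 401 challenge


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user table: store only salted hashes, never cleartext passwords.
_SALTS = {"alice": b"salt-alice-0001", "bob": b"salt-bob-0002"}
USERS = {
    "alice": _hash_password("correct horse", _SALTS["alice"]),
    "bob": _hash_password("battery staple", _SALTS["bob"]),
}
GROUPS = {"admins": {"alice"}, "staff": {"alice", "bob"}}

# Constructed ACL: path prefix -> principals allowed ("user", "group:name" or "*").
ACL = {
    "/admin/": {"group:admins"},
    "/internal/": {"group:staff"},
    "/public/": {"*"},
}


def make_basic_header(user: str, password: str) -> str:
    """Build the header value a client sends. It is only base64-encoded,
    not encrypted, so the exchange needs a protected transport."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def parse_basic_header(value):
    """Return (user, password), or None if the header is absent or malformed."""
    if not value:
        return None
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    if not sep or not user:
        return None
    return user, password


def authenticate(user, password):
    """Verify against the stored salted hash in constant time."""
    stored = USERS.get(user)
    salt = _SALTS.get(user, b"\x00" * 16)
    candidate = _hash_password(password, salt)
    # Always hash and compare, so unknown users cost the same time as known ones.
    return stored is not None and hmac.compare_digest(candidate, stored)


def authorized(user, path):
    """True if the most specific ACL entry covering path lists the user,
    one of the user's groups, or the wildcard."""
    principals = {user, "*"} | {
        f"group:{g}" for g, members in GROUPS.items() if user in members
    }
    # Longest matching prefix wins, so a broad rule cannot override /admin/.
    match = max((p for p in ACL if path.startswith(p)), key=len, default=None)
    if match is None:
        return False  # no ACL entry means deny, not allow
    return bool(ACL[match] & principals)


def handle_request(path, authorization_header):
    """Return (status, extra headers): 200, 401 or 403."""
    creds = parse_basic_header(authorization_header)
    if creds is None or not authenticate(*creds):
        # 401 with a challenge: the client has not proven who it is.
        return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    if not authorized(creds[0], path):
        # 403: the identity is known, but the ACL does not admit it here.
        return 403, {}
    return 200, {}
```

The distinction between the two failure codes is deliberate: a bad or missing credential gets a 401 with the challenge so the browser can prompt, while a valid user outside the ACL gets a 403 and is not invited to retry. Paths with no ACL entry at all are denied by default.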
Jeeves allows you, on Solaris, to control which user ID to use after your server binds to that TCP port. This lets you run Jeeves as your default server, without worries that a malicious servlet can commit some of the mayhem that "root" can perform.
In fact, Jeeves can be set up so that the "root" account is needed only when initially setting up Jeeves, and all normal administrative tasks can be done without needing "root" privileges.
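The ordering the two paragraphs above rely on (bind the listening port while still privileged, then switch to an unprivileged user ID before any servlet code runs) is shown in the following added example. It is illustrative Python written for this page using the POSIX calls available from the standard library, not Jeeves' own Solaris implementation; the port number and the "nobody" account used in the demonstration are assumptions.

```python
"""Added example: bind a listening socket, then drop root before serving.

Illustrative code written for this page, not Jeeves' own implementation.
The port and the "nobody" account in the demonstration are assumptions.
"""
import os
import pwd
import socket


def bind_listener(port: int, backlog: int = 16) -> socket.socket:
    """Bind while still privileged; ports below 1024 need root on most Unixes."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("127.0.0.1", port))
    sock.listen(backlog)
    return sock


def drop_privileges(uid: int, gid: int) -> None:
    """Irreversibly switch to uid/gid.

    Order matters: supplementary groups, then gid, then uid. Once the uid is
    no longer root, the earlier calls would be refused."""
    if os.geteuid() != 0:
        if os.getuid() != uid:
            raise PermissionError("not root: cannot change to a different user")
        return  # already running unprivileged as the requested user
    os.setgroups([])  # discard supplementary groups inherited from root
    os.setgid(gid)
    os.setuid(uid)  # as root, setuid() sets real, effective and saved uid


def can_regain_root() -> bool:
    """True if setuid(0) still succeeds, i.e. the drop was not effective.
    A correct drop leaves no saved root uid to return to."""
    try:
        os.setuid(0)
        return True
    except PermissionError:
        return False


def current_ids():
    """The real uid/gid the process is running with."""
    return os.getuid(), os.getgid()


def bind_then_drop(port: int, uid: int, gid: int) -> socket.socket:
    """The sequence a server should follow: bind first, then give up root."""
    sock = bind_listener(port)
    drop_privileges(uid, gid)
    if os.geteuid() != uid:
        raise RuntimeError("privilege drop did not take effect")
    return sock


if __name__ == "__main__":
    target = pwd.getpwnam("nobody")  # assumed unprivileged account
    s = bind_then_drop(8080, target.pw_uid, target.pw_gid)  # assumed port
    print("listening on", s.getsockname(), "as uid", os.geteuid(),
          "root regainable:", can_regain_root())
```

The check in `can_regain_root` is the one worth keeping in a real server: changing only the effective uid (for example with `seteuid`) leaves the saved uid as root and can be undone, whereas `setuid` as root replaces all three ids, which is what makes the drop permanent.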