Securing KCM ComposerUI

Configuring the application to run in Secure Mode does not, by itself, ensure security. It is not safe to expose the entire KCM ComposerUI ASP.NET web application to the Internet unless all of the following conditions are met:

  • All custom applications on that server are configured and deployed to run in Secure Mode.

  • The custom applications are carefully written according to the guidelines in the section Secure customizations, and do not contain any security vulnerabilities.

  • The remainder of the server is shielded from the Internet by a firewall, or secured by some other means.

  • Web URLs on the server that are outside the KCM ComposerUI virtual directory are protected by the firewall, or secured by some other means.

If the KCM ComposerUI installation contains both Secure Mode and non-Secure Mode applications, it is still possible to expose the Secure Mode applications to the Internet. In this case, place a firewall between the Internet and KCM ComposerUI ASP.NET, and configure it to expose only the URLs that belong to the Secure Mode applications, and no other URLs.

If the custom applications contain ASP.NET (aspx) pages that use ASP.NET web controls, it may be necessary to expose the web URL /itp/WebResource.axd through the firewall, where itp is the name of the virtual directory of KCM ComposerUI. This URL is used by ASP.NET to expose certain dynamically generated content. The default content and sample applications delivered with KCM ComposerUI ASP.NET do not use ASP.NET web controls and therefore do not require this URL to be exposed.
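
The URL allowlist described above, as an added example that is not part of the KCM documentation: a default-deny path check that can be used to test firewall or reverse-proxy rules before they go live. The application path `/itp/secureapp-placeholder/`, the function names and the sample requests are constructed placeholders; only `/itp/WebResource.axd` comes from this page.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Assumptions, not from the KCM documentation: the virtual directory is "itp"
# and the Secure Mode application sits under the placeholder path below.
SECURE_APP_PREFIXES = ("/itp/secureapp-placeholder/",)
# Needed only when custom pages use ASP.NET web controls.
EXACT_PATHS = ("/itp/webresource.axd",)

def canonical_path(raw_url):
    """Return the lowercased, dot-segment-free path, or None if ambiguous."""
    decoded = unquote(urlsplit(raw_url).path)
    # A leftover "%" means double encoding; backslash and NUL are read
    # differently by different layers. Refuse instead of guessing.
    if not decoded.startswith("/") or any(c in decoded for c in "%\\\x00"):
        return None
    canon = posixpath.normpath(decoded)
    if decoded.endswith("/") and not canon.endswith("/"):
        canon += "/"
    return canon.lower()  # IIS matches URL paths case-insensitively

def is_exposed(raw_url):
    """Default deny: True only for allowlisted Secure Mode URLs."""
    path = canonical_path(raw_url)
    if path is None:
        return False
    return path in EXACT_PATHS or path.startswith(SECURE_APP_PREFIXES)

# Constructed sample requests for exercising the rule set.
SAMPLES = [
    "/itp/secureapp-placeholder/start.aspx",
    "/ITP/WebResource.axd?d=abc&t=1",
    "/itp/secureapp-placeholder/../other/page.aspx",
    "/itp/secureapp-placeholder/%2e%2e/other/page.aspx",
    "/itp/secureapp-placeholder/%252e%252e/other/page.aspx",
    "/itp/WebResource.axd/extra",
    "/othersite/default.aspx",
]

def audit(urls=SAMPLES):
    """Map each URL to the allow/deny decision the firewall should make."""
    return {u: is_exposed(u) for u in urls}

if __name__ == "__main__":
    for url, ok in audit().items():
        print(("ALLOW " if ok else "DENY  ") + url)
```

Running the same sample list against the real firewall and comparing the results shows whether any URL outside the Secure Mode applications is reachable.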