It is important that you secure your Diffusion server, particularly for production systems or any application that is exposed to the public internet or contains sensitive data.
Here are some steps to help you secure a Diffusion installation:
- Change the password for the default 'admin' principal!
- Make sure that each client is connecting to the Diffusion server with the minimum level of permissions it needs. A production client should not typically be connecting using a principal with extensive permissions, like 'admin'.
- Secure the web-based Diffusion console as explained in the manual to prevent unauthorized access.
- Use the obfuscation tool to make it harder for an attacker to read sensitive data in the Diffusion configuration files.
- Test your security considering the aspects listed in the manual.
This is not a comprehensive checklist, and many other factors can affect the security of your application. If your organization does not have security expertise, we recommend using a third-party penetration testing service to check your application for vulnerabilities.