This chapter explains the security issues related to Flumotion. Flumotion aims to promote a secure setup by default. We want our users to be aware of the basics of security, and we explain to them how to configure a minimum level of security while still keeping the server easy to configure.
This is a fine balance to strike. While it is possible to run Flumotion in a completely insecure mode, you have to actively set configuration parameters to do so. For example, by default Flumotion uses SSL, so no communication is done in cleartext.
Managers, workers and admin clients communicate using Twisted. Currently, Flumotion supports two transport protocols for this communication: TCP and SSL [5].
TCP is the least secure: any communication using this transport is readable as plaintext on the network. This means that anyone with access to the traffic on your network can see authentication information, remote method calls, and other information exchanged between the various processes.
Because the TCP communication is visible as plaintext to anyone on the network, you should not use this transport except for testing, or in cases where you secure the communication through some other means (for example, through an SSH channel).
SSL encrypts the data so that it is not easily readable by looking at the network traffic. By default, Flumotion uses SSL. For SSL communication to work, the manager needs a PEM certificate file. On startup, the manager looks for flumotion/default.pem under the system configuration sysconfdir directory. You can specify a different PEM certificate file using the --certificate parameter to the manager.
When installing from source, you have to provide a PEM certificate file in the correct location. When installing from a package, a default certificate file should already have been generated for you using one of the methods outlined below. There are various ways of making a PEM certificate file. In order of increasing security, they are:
Copy the one included in the tarball. The tarball includes conf/default.pem.
Use this only for testing! Since this file is shipped as part of the tarball, anyone with access to the network can easily decrypt the communication with the manager.
Generate a dummy RSA key and certificate using ssl's make-dummy-cert program. This generates a random dummy certificate with fake data. The Fedora Core package does this after installation.
Generate a real RSA private key and certificate manually using openssl.
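As an added example (not part of the Flumotion manual), the following POSIX shell script does the last step with openssl: it generates an RSA private key and a self-signed certificate and writes both into one PEM file, which is assumed to be the layout the manager reads from flumotion/default.pem; it also checks that an existing PEM file contains both parts and is readable only by its owner. The output path and common name are assumptions.

```shell
#!/bin/sh
# Added example, not part of the Flumotion manual. Builds one PEM file holding
# an RSA private key and a self-signed certificate (assumed to be the layout the
# manager reads from flumotion/default.pem) and checks an existing PEM file.
set -eu

# make_manager_pem OUT_PEM COMMON_NAME [DAYS]
# Generate a 2048-bit RSA key plus a self-signed X.509 certificate with openssl
# and write both into OUT_PEM, created readable by its owner only.
make_manager_pem() {
    out="$1"; cn="$2"; days="${3:-365}"
    tmp=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days "$days" -subj "/CN=$cn" \
        -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null
    # umask in a subshell so the restrictive mode does not leak to the caller
    (umask 077; cat "$tmp/key.pem" "$tmp/cert.pem" > "$out")
    rm -rf "$tmp"
}

# check_manager_pem PEM
# Succeed only if PEM contains a private key and a certificate and is not
# readable by group or others; print the first problem found otherwise.
check_manager_pem() {
    pem="$1"
    [ -f "$pem" ] || { echo "missing: $pem"; return 1; }
    grep -qE '^-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$pem" \
        || { echo "no private key in $pem"; return 1; }
    grep -q '^-----BEGIN CERTIFICATE-----' "$pem" \
        || { echo "no certificate in $pem"; return 1; }
    # GNU stat first, BSD stat as fallback
    mode=$(stat -c '%a' "$pem" 2>/dev/null || stat -f '%Lp' "$pem")
    case "$mode" in
        ?00) ;;  # 600 or 400: owner only
        *) echo "$pem is readable by group/others (mode $mode)"; return 1 ;;
    esac
}

# Usage (assumed invocation): ./make-pem.sh --generate OUT_PEM COMMON_NAME
if [ "${1:-}" = "--generate" ]; then
    make_manager_pem "$2" "$3"
    check_manager_pem "$2"
fi
```

Copy the generated file to the location the manager looks for, or point the manager at it with --certificate.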
[5] Technically speaking, TCP is the transport protocol in both cases. SSL is a way of encrypting the actual TCP packets. In the context of Flumotion, however, we refer to both as protocols, where TCP is the standard TCP protocol (with plaintext communication), and SSL uses Secure Socket Layer on top of TCP.