Security scan shows two vulnerabilities on my server


Open eSignForms

Jan 10, 2014, 5:58:32 PM
to openesig...@googlegroups.com
Question misdirected to Yozons support for an open source deployment:

After doing a vulnerability scan, there were a few security issues of concern. They are:

1) Port 3306 for MySQL service.

2) TLS/SSL certificate signed by unknown, untrusted CA: CN=COMODO SSL CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB -- Path does not chain with any of the trust anchors.

Open eSignForms

Jan 10, 2014, 6:03:28 PM
to openesig...@googlegroups.com
Neither of those vulnerabilities is related to our system.

The first points to MySQL, which OpenESF doesn't use.  Most likely it was already installed by your server hosting provider (often it goes with the various control panel programs that server hosting providers pre-install).  OpenESF uses PostgreSQL with the default port 5432, and it is configured correctly to only accept connections from the server itself (localhost), and the firewall rules put in place did not give outside access.  You can either turn off MySQL or block it in the firewall rules, but you will lose whatever functionality it provided.

The second points to your SSL certificate, and it seems you suggest that the COMODO SSL certificate does not come from a "well-known, trusted CA".  Yet it seems to work just fine in every browser we tested, with USERTrust (AddTrust External CA Root) signing it.  Most likely, the scanner just has an old list of trusted CA root certs.  It likely means that some older browsers may also have issues, but again, this is related to the SSL cert you have and not to anything about the OpenESF setup.