
/src/applications/config/option/ -> PhabricatorSecurityConfigOptions.php (source)

   1  <?php
   2  
   3  final class PhabricatorSecurityConfigOptions
   4    extends PhabricatorApplicationConfigOptions {
   5  
   6    public function getName() {
   7      return pht('Security');
   8    }
   9  
  10    public function getDescription() {
  11      return pht('Security options.');
  12    }
  13  
  14    public function getOptions() {
  15      $support_href = PhabricatorEnv::getDoclink('Give Feedback! Get Support!');
  16  
  17      return array(
  18        $this->newOption('security.alternate-file-domain', 'string', null)
  19          ->setLocked(true)
  20          ->setSummary(pht('Alternate domain to serve files from.'))
  21          ->setDescription(
  22            pht(
  23              "IMPORTANT: By default, Phabricator serves files from the same ".
  24              "domain the application lives on. This is convenient but not ".
  25              "secure: it creates a large class of vulnerabilities which can ".
  26              "not be generally mitigated.\n\n".
  27  
  28              "To avoid this, you should configure a second domain in the same ".
  29              "way you have the primary domain configured (i.e., point it at ".
  30              "the same machine and set up the same vhost rules) and provide ".
  31              "it here. For instance, if your primary install is on ".
  32              "'http://www.phabricator-example.com/', you could configure ".
  33              "'http://www.phabricator-files.com/' and specify the entire ".
  34              "domain (with protocol) here. This will enforce that files are ".
  35              "served only from the alternate domain. Ideally, you should use ".
  36              "a completely separate domain name rather than just a different ".
  37              "subdomain.\n\n".
  38  
  39              "It is **STRONGLY RECOMMENDED** that you configure this. Your ".
  40              "install is **NOT SECURE** unless you do so."))
  41          ->addExample('http://www.phabricator-files.com/', pht('Valid Setting')),
  42        $this->newOption(
  43          'security.hmac-key',
  44          'string',
  45          '[D\t~Y7eNmnQGJ;rnH6aF;m2!vJ8@v8C=Cs:aQS\.Qw')
  46          ->setMasked(true)
  47          ->setLocked(true)
  48          ->setSummary(
  49            pht('Key for HMAC digests.'))
  50          ->setDescription(
  51            pht(
  52              'Default key for HMAC digests where the key is not important '.
  53              '(i.e., the hash itself is secret). You can change this if you '.
  54              'want (to any other string), but doing so will break existing '.
  55              'sessions and CSRF tokens.')),
  56        $this->newOption('security.require-https', 'bool', false)
  57          ->setLocked(true)
  58          ->setSummary(
  59            pht('Force users to connect via HTTPS instead of HTTP.'))
  60          ->setDescription(
  61            pht(
  62              "If the web server responds to both HTTP and HTTPS requests but ".
  63              "you want users to connect with only HTTPS, you can set this ".
  64              "to true to make Phabricator redirect HTTP requests to HTTPS.\n\n".
  65  
  66              "Normally, you should just configure your server not to accept ".
  67              "HTTP traffic, but this setting may be useful if you originally ".
  68              "used HTTP and have now switched to HTTPS but don't want to ".
  69              "break old links, or if your webserver sits behind a load ".
  70              "balancer which terminates HTTPS connections and you can not ".
  71              "reasonably configure more granular behavior there.\n\n".
  72  
  73              "IMPORTANT: Phabricator determines if a request is HTTPS or not ".
  74              "by examining the PHP \$_SERVER['HTTPS'] variable. If you run ".
  75              "Apache/mod_php this will probably be set correctly for you ".
  76              "automatically, but if you run Phabricator as CGI/FCGI (e.g., ".
  77              "through nginx or lighttpd), you need to configure your web ".
  78              "server so that it passes the value correctly based on the ".
  79              "connection type."))
  80          ->setBoolOptions(
  81            array(
  82              pht('Force HTTPS'),
  83              pht('Allow HTTP'),
  84            )),
  85        $this->newOption('security.require-multi-factor-auth', 'bool', false)
  86          ->setLocked(true)
  87          ->setSummary(
  88            pht('Require all users to configure multi-factor authentication.'))
  89          ->setDescription(
  90            pht(
  91              'By default, Phabricator allows users to add multi-factor '.
  92              'authentication to their accounts, but does not require it. '.
  93              'By enabling this option, you can force all users to add '.
  94              'at least one authentication factor before they can use their '.
  95              'accounts.'))
  96          ->setBoolOptions(
  97            array(
  98              pht('Multi-Factor Required'),
  99              pht('Multi-Factor Optional'),
 100            )),
 101        $this->newOption(
 102          'phabricator.csrf-key',
 103          'string',
 104          '0b7ec0592e0a2829d8b71df2fa269b2c6172eca3')
 105          ->setMasked(true)
 106          ->setLocked(true)
 107          ->setSummary(
 108            pht('Hashed with other inputs to generate CSRF tokens.'))
 109          ->setDescription(
 110            pht(
 111              'This is hashed with other inputs to generate CSRF tokens. If '.
 112              'you want, you can change it to some other string which is '.
 113              'unique to your install. This will make your install more secure '.
 114              'in a vague, mostly theoretical way. But it will take you like 3 '.
 115              'seconds of mashing on your keyboard to set it up so you might '.
 116              'as well.')),
 117         $this->newOption(
 118           'phabricator.mail-key',
 119           'string',
 120           '5ce3e7e8787f6e40dfae861da315a5cdf1018f12')
 121          ->setMasked(true)
 122          ->setLocked(true)
 123          ->setSummary(
 124            pht('Hashed with other inputs to generate mail tokens.'))
 125          ->setDescription(
 126            pht(
 127              "This is hashed with other inputs to generate mail tokens. If ".
 128              "you want, you can change it to some other string which is ".
 129              "unique to your install. In particular, you will want to do ".
 130              "this if you accidentally send a bunch of mail somewhere you ".
 131              "shouldn't have, to invalidate all old reply-to addresses.")),
 132         $this->newOption(
 133          'uri.allowed-protocols',
 134          'set',
 135          array(
 136            'http' => true,
 137            'https' => true,
 138            'mailto' => true,
 139          ))
 140          ->setSummary(
 141            pht('Determines which URI protocols are auto-linked.'))
 142          ->setDescription(
 143            pht(
 144              "When users write comments which have URIs, they'll be ".
 145              "automatically linked if the protocol appears in this set. This ".
 146              "whitelist is primarily to prevent security issues like ".
 147              "javascript:// URIs."))
 148          ->addExample("http\nhttps", pht('Valid Setting'))
 149          ->setLocked(true),
 150        $this->newOption(
 151          'uri.allowed-editor-protocols',
 152          'set',
 153          array(
 154            'http' => true,
 155            'https' => true,
 156  
 157            // This handler is installed by Textmate.
 158            'txmt' => true,
 159  
 160            // This handler is for MacVim.
 161            'mvim' => true,
 162  
 163            // Unofficial handler for Vim.
 164            'vim' => true,
 165  
 166            // Unofficial handler for Sublime.
 167            'subl' => true,
 168  
 169            // Unofficial handler for Emacs.
 170            'emacs' => true,
 171  
 172            // This isn't a standard handler installed by an application, but
 173            // is a reasonable name for a user-installed handler.
 174            'editor' => true,
 175          ))
 176          ->setSummary(pht('Whitelists editor protocols for "Open in Editor".'))
 177          ->setDescription(
 178            pht(
 179              "Users can configure a URI pattern to open files in a text ".
 180              "editor. The URI must use a protocol on this whitelist.\n\n".
 181              "(If you use an editor which defines a protocol not on this ".
 182              "list, [[ %s | let us know ]] and we'll update the defaults.)",
 183              $support_href))
 184          ->setLocked(true),
 185         $this->newOption(
 186           'celerity.resource-hash',
 187           'string',
 188           'd9455ea150622ee044f7931dabfa52aa')
 189          ->setSummary(
 190            pht('An input to the hash function when building resource hashes.'))
 191          ->setDescription(
 192            pht(
 193              'This value is an input to the hash function when building '.
 194              'resource hashes. It has no security value, but if you '.
 195              'accidentally poison user caches (by pushing a bad patch or '.
 196              'having something go wrong with a CDN, e.g.) you can change this '.
 197              'to something else and rebuild the Celerity map to break user '.
 198              'caches. Unless you are doing Celerity development, it is '.
 199              'exceptionally unlikely that you need to modify this.')),
 200         $this->newOption('remarkup.enable-embedded-youtube', 'bool', false)
 201          ->setBoolOptions(
 202            array(
 203              pht('Embed YouTube videos'),
 204              pht("Don't embed YouTube videos"),
 205            ))
 206          ->setSummary(
 207            pht('Determines whether or not YouTube videos get embedded.'))
 208          ->setDescription(
 209            pht(
 210              "If you enable this, linked YouTube videos will be embeded ".
 211              "inline. This has mild security implications (you'll leak ".
 212              "referrers to YouTube) and is pretty silly (but sort of ".
 213              "awesome).")),
 214          $this->newOption('security.allow-outbound-http', 'bool', true)
 215            ->setBoolOptions(
 216              array(
 217                pht('Allow'),
 218                pht('Disallow'),
 219              ))
 220            ->setLocked(true)
 221            ->setSummary(
 222              pht('Allow outbound HTTP requests.'))
 223            ->setDescription(
 224              pht(
 225                'If you enable this, you are allowing Phabricator to '.
 226                'potentially make requests to external servers.')),
 227          $this->newOption('security.allow-conduit-act-as-user', 'bool', false)
 228            ->setBoolOptions(
 229              array(
 230                pht('Allow'),
 231                pht('Disallow'),
 232              ))
 233            ->setLocked(true)
 234            ->setSummary(
 235              pht('Allow administrators to use the Conduit API as other users.'))
 236            ->setDescription(
 237              pht(
 238                'DEPRECATED - if you enable this, you are allowing '.
 239                'administrators to act as any user via the Conduit API. '.
 240                'Enabling this is not advised as it introduces a huge policy '.
 241                'violation and has been obsoleted in functionality.')),
 242  
 243      );
 244    }
 245  
 246    protected function didValidateOption(
 247      PhabricatorConfigOption $option,
 248      $value) {
 249  
 250      $key = $option->getKey();
 251      if ($key == 'security.alternate-file-domain') {
 252  
 253        $uri = new PhutilURI($value);
 254        $protocol = $uri->getProtocol();
 255        if ($protocol !== 'http' && $protocol !== 'https') {
 256          throw new PhabricatorConfigValidationException(
 257            pht(
 258              "Config option '%s' is invalid. The URI must start with ".
 259              "'http://' or 'https://'.",
 260              $key));
 261        }
 262  
 263        $domain = $uri->getDomain();
 264        if (strpos($domain, '.') === false) {
 265          throw new PhabricatorConfigValidationException(
 266            pht(
 267              "Config option '%s' is invalid. The URI must contain a dot ('.'), ".
 268              "like 'http://example.com/', not just a bare name like ".
 269              "'http://example/'. Some web browsers will not set cookies on ".
 270              "domains with no TLD.",
 271              $key));
 272        }
 273  
 274        $path = $uri->getPath();
 275        if ($path !== '' && $path !== '/') {
 276          throw new PhabricatorConfigValidationException(
 277            pht(
 278              "Config option '%s' is invalid. The URI must NOT have a path, ".
 279              "e.g. 'http://phabricator.example.com/' is OK, but ".
 280              "'http://example.com/phabricator/' is not. Phabricator must be ".
 281              "installed on an entire domain; it can not be installed on a ".
 282              "path.",
 283              $key));
 284        }
 285      }
 286    }
 287  
 288  
 289  }

