Chapter 4. Security

Red Hat Content Accelerator is designed to have very strict security. This is possible because the assistant user-space daemons is used to handle the complex exceptions.

Red Hat Content Accelerator only serves a file if

1. The URL does not contain ?.

2. The URL does not start with /.

3. The URL points to a file that exists.

4. The file is world-readable. [1]

5. The file is not a directory. [1]

6. The file is not executable. [1]

7. The file does not have the sticky-bit set. [1]

8. The URL does not contain any forbidden substrings such as .. [1]