H-Sphere 3.1 Beta 1 introduces a new scheme of communication
between SiteStudio and H-Sphere that helps to isolate H-Sphere
from any possible SiteStudio security issues in the future.
Created separate postgres user 'studio'
The H-Sphere Updater changes the 'wwwuser' password for the H-Sphere DB and
creates the 'studio' user, which no longer has access to the H-Sphere DB.
Ownership of all SiteStudio databases (pool, guestbook, counter)
is changed to the 'studio' postgres user.
Created separate Tomcat for SiteStudio running under the 'studio' system user
SiteStudio will therefore run under a different user with limited permissions.
Users will communicate with SiteStudio through the Control Panel Apache, but the SiteStudio
context will be redirected to the SiteStudio Tomcat, which listens on port 8010.
Port 8010 should be open on your firewall between the CP server and the SiteStudio server
if the two are installed on separate servers.
If both are installed on the same server, port 8010 should be open only for localhost.
Note: In order to stop Tomcat, port 8006 should be open for localhost on your firewall.
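
The firewall requirements above, written out as an added example (not part of the H-Sphere release notes). It assumes a Linux SiteStudio server filtered with iptables and rules appended to the INPUT chain; the function name and the sample address are hypothetical.

```shell
#!/bin/sh
# Added example: print iptables INPUT rules for the SiteStudio server.
# Assumption: Linux host using iptables; the release notes name no firewall.
# Usage: sitestudio_fw_rules same
#        sitestudio_fw_rules separate <cp_server_ipv4>
# The function only prints; review the output before applying it as root.

sitestudio_fw_rules() {
    mode=$1
    cp_ip=$2

    case $mode in
        same)
            # CP Apache and SiteStudio Tomcat share a host: loopback only.
            accept_8010="-i lo"
            ;;
        separate)
            # Digits and dots only, so no shell metacharacter or newline
            # can reach the generated rule text; then check the shape.
            case $cp_ip in
                ''|*[!0-9.]*) cp_ip= ;;
            esac
            if ! printf '%s\n' "$cp_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
                echo "separate mode needs the CP server IPv4 address" >&2
                return 2
            fi
            accept_8010="-s $cp_ip"
            ;;
        *)
            echo "usage: sitestudio_fw_rules same | separate <cp_ip>" >&2
            return 2
            ;;
    esac

    # 8010: SiteStudio Tomcat, reached through the Control Panel Apache.
    echo "iptables -A INPUT $accept_8010 -p tcp --dport 8010 -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport 8010 -j DROP"
    # 8006: must be reachable on localhost to stop Tomcat, nowhere else.
    echo "iptables -A INPUT -i lo -p tcp --dport 8006 -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport 8006 -j DROP"
}

# Constructed sample address from the documentation range (RFC 5737):
# sitestudio_fw_rules separate 192.0.2.10
```

Because the rules are appended, an earlier ACCEPT rule for these ports in the existing chain would still take precedence, so check the current ruleset with `iptables -L INPUT -n --line-numbers` first.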
Developed new communication mechanism over HTTP between SiteStudio and H-Sphere
User validation is performed using a unique encrypted key that H-Sphere sends to
SiteStudio; SiteStudio then checks this key back on H-Sphere over HTTP.
Changed scheme for logging in to SiteStudio outside H-Sphere
Now a user logs in to H-Sphere, and H-Sphere
automatically redirects the authorized user to SiteStudio.
To provide this, the skeleton files 'index.html' and 'login.html' were changed,
so newly created users will be able to log in to SiteStudio from their own site.