4.3cmsWorks and security
The cmsWorks server comes in its delivery status with several open ports. These ports should be protected to prevent misusage.
Security - harden the cmsWorks-server
The following table shows the ports cmsWorks reveals to the world. The severity of security levels to take in account for these ports is categorized into "Very high", "High", "Middle" and "Low".
Port | Description | Importance of protection |
8050 | Telnet-server | Very high: Accessing this port via telnet let you execute system commands within the server. |
8080 | Preview of cmsWorks | Middle: (normally) Non-published content can be accessed through this port. If you are creating internal views or services using the preview service, this port must not be reachable from the outside world either. |
8081 | Live view of cmsWorks | Low: This port reveals only published content. |
8082 | cmsWorks Desktop (WebUI) | High: Via this web interface content can be created, altered or deleted after a login mask was passed. |
Attention: Access to the cmsWorks server instance on a productive system always should be secured through a firewall.
In best case, only a webserver like Apache, nginx or IIS should be accessible via port 80, if possible not running on the same server as cmsWorks. The webserver then only points to the preview / live views or the WebUI via mod_proxy or similar methods. This way, additional mechanisms for security can be added using the possibilities of standard webservers (i.e. .htaccess with password protection).