The following sections discuss items that should be considered before deploying your application using PrizmDoc.
PrizmDoc Server is designed to be run as an internal web service. Steps should be taken to ensure that PrizmDoc Server is not accessible to end-users or the public internet. Typically, this would involve configuring a firewall in front of PrizmDoc Server to block access to the port it is using. See the "Ports" section below for specific port information about PrizmDoc Server.
PrizmDoc Server includes an API to request real-time information about the state and health of the system. A sample ASP.NET web application is also included in the Windows installation that takes advantage of the administration API and demonstrates potential use cases.
The administration API provides information that can be helpful in diagnosing problems, but which may also be considered sensitive, like document information and specific processing tasks. Because of this, the administration sample or any application accessing the administration API of PrizmDoc Server should not be accessible to end-users or the public internet.
The following are the default ports that should be open to access PrizmDoc Server.
The central configuration file contains properties that limit the values a client can set when starting a viewing session, so that inappropriate values supplied in an attack on PrizmDoc Server cannot cause performance problems on the server. The limited values are properties of the ViewingSessionProperties object that a client passes to PrizmDoc Server to start a viewing session.
For more information refer to the following topics:
The following configuration properties put limits on the viewing session properties that are susceptible to abuse:
Example - Central Configuration Properties

```yaml
# Defines the min and max allowed values for the countOfInitialPages viewing
# session creation option.
#
# viewing.sessionConstraints.countOfInitialPages.min: 0
# viewing.sessionConstraints.countOfInitialPages.max: 10

# A regex which defines the pattern of an acceptable value for the
# documentExtension viewing session creation option.
#
# viewing.sessionConstraints.documentExtension.regex: ".*"

# A regex which defines the pattern of an acceptable value for the
# externalId viewing session creation option.
#
# viewing.sessionConstraints.externalId.regex: ".*"

# Defines the list of allowed values for the serverCaching viewing session
# creation option.
#
# Must be an array with one or more of the following strings:
#
#   "none" - Allow REST API callers to create a new viewing session with caching
#            explicitly disabled.
#
#   "full" - Allow REST API callers to create a new viewing session with caching
#            explicitly enabled.
#
# viewing.sessionConstraints.serverCaching.allowedValues: ["none","full"]

# Defines the list of allowed values for the alwaysUseRaster viewing session
# creation option.
#
# Must be an array with one or more of the following values:
#
#   false - Allow REST API callers to create a new viewing session which will
#           generate both raster and vector page content. Ideal for modern
#           browsers.
#   true  - Allow REST API callers to create a new viewing session which will
#           only generate raster content; vector content will not be generated.
#           This is useful for some older browsers.
#
# viewing.sessionConstraints.render.alwaysUseRaster.allowedValues: [false]
```
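An added example, not part of the PrizmDoc documentation or product: a small audit that reads a central configuration file and reports `documentExtension` and `externalId` constraints that are unset, left as the catch-all `.*`, or loose enough to accept values they should reject. The sample files, probe values and tightened patterns are constructed for illustration, and Python's `re` module stands in for the server's regex engine, which may behave differently.

```python
import json
import re

PREFIX = "viewing.sessionConstraints."   # key prefix used on this page
REGEX_KEYS = ("documentExtension.regex", "externalId.regex")

# Constructed probe values that a tightened pattern should reject.
PROBES = {
    "documentExtension.regex": ["exe", "pdf.exe", "p" * 300],
    "externalId.regex": ["x" * 5000, "id with spaces"],
}

# Constructed sample files; the patterns are illustrative, not vendor guidance.
LOOSE = '''
# viewing.sessionConstraints.countOfInitialPages.max: 10
viewing.sessionConstraints.documentExtension.regex: ".*"
viewing.sessionConstraints.externalId.regex: "[A-Za-z0-9_-]+"
'''
HARDENED = '''
viewing.sessionConstraints.countOfInitialPages.min: 0
viewing.sessionConstraints.countOfInitialPages.max: 10
viewing.sessionConstraints.documentExtension.regex: "^(pdf|docx|xlsx|pptx|tif)$"
viewing.sessionConstraints.externalId.regex: "^[A-Za-z0-9_-]{1,64}$"
'''

def parse_constraints(text):
    """Return {key: value} for uncommented viewing.sessionConstraints.* lines."""
    found = {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith(PREFIX):          # commented-out lines start with '#'
            key, _, raw = line[len(PREFIX):].partition(":")
            found[key.strip()] = json.loads(raw)  # the page's values are JSON-compatible
    return found

def audit(text, probes=PROBES):
    """List regex constraints that are unset, catch-all, or accept a probe value."""
    cfg, findings = parse_constraints(text), []
    for key in REGEX_KEYS:
        pattern = cfg.get(key)
        if pattern is None:
            findings.append(f"{key}: not set in this file")
        elif pattern in (".*", "^.*$"):
            findings.append(f"{key}: catch-all pattern accepts any value")
        else:
            # Conservative reading: an unanchored pattern may match anywhere in the value.
            findings += [f"{key}: accepts probe of length {len(v)}"
                         for v in probes[key] if re.search(pattern, v)]
    return findings
```

`audit(LOOSE)` reports the catch-all extension pattern and the unanchored `externalId` pattern, while `audit(HARDENED)` returns an empty list because the anchored, length-bounded patterns reject every probe.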
The pcc.config file contains element tags that limit the values a client can set when starting a viewing session, so that inappropriate values supplied in an attack on PrizmDoc Server cannot cause performance problems on the server. The limited values are properties of the ViewingSessionProperties object that a client passes to PrizmDoc Server to start a viewing session. The following tags put limits on the properties that are susceptible to abuse:
Tags

```xml
<!-- The regular expression check on ViewingSessionProperties.externalId to
     ensure appropriate values are being set. The default is to allow any
     string values. -->
<ViewingSessionPropertyExternalId>.*</ViewingSessionPropertyExternalId>

<!-- The regular expression check on ViewingSessionProperties.documentExtension
     to ensure appropriate values are being set. The default is to allow any
     string values. -->
<ViewingSessionPropertyDocumentExtension>.*</ViewingSessionPropertyDocumentExtension>

<!-- The minimum and maximum values allowed for
     ViewingSessionProperties.countOfInitialPages. Value of 0 means do all
     pages if min set to zero. The max value can be zero or a maximum value
     allowed for this property setting. -->
<ViewingSessionPropertyCountOfInitialPages>min=0,max=10</ViewingSessionPropertyCountOfInitialPages>

<!-- The minimum and maximum dpi values allowed for rendering images. -->
<Html5RenderRasterResolution>min=100,max=300</Html5RenderRasterResolution>

<!-- The permitted values for alwaysUseRaster can be true, false, or any
     (which means don't care). The default here is false which means svg
     files can be rendered. -->
<Html5RenderAcceptableRasterValue>false</Html5RenderAcceptableRasterValue>

<!-- The permitted values for serverCaching which can be none, full or any
     (which means take whatever is set). The default is none. -->
<ViewingSessionPropertyServerCaching>none</ViewingSessionPropertyServerCaching>
```