MACROMEDIA BREEZE-SECURITY Manual - page 5
5
Security and Macromedia Breeze
Overview
This document is targeted towards system administrators and program managers interested in
ensuring security with Breeze. If you are installing Breeze for use on your intranet, it is
recommended that you review and implement the best practices outlined in this article. However,
if you are installing Breeze for use on the Internet, you must implement the best practices
outlined in this article. Failure to do so will compromise the security of your Breeze application
and the information contained within.
Macromedia Breeze is a server-based web application that integrates with a database to provide
a powerful solution for online training and conferencing. By hosting the Breeze application
on your intranet or the Internet, you are allowing users the flexibility to access information
anywhere, anytime.
By its very nature, any application that is run over a network, especially the Internet, has security
risks associated with it. Macromedia Breeze is no different. However, these security threats can be
minimized if careful consideration is taken towards implementing a security design for
Macromedia Breeze.
There are three levels of security that should be considered for Macromedia Breeze:
•
Application-Level Security
•
Physical Security
•
Infrastructure Security
Breeze provides application-level security, which provides an ACL (Access Control List)-based
security model for controlling which users have access to features in the Breeze application.
Physical security has to deal with placing the actual server in a physically-secure location. The
third level, infrastructure security, which deals with securing the server and the network, is the
most important, yet most overlooked aspect of securing Breeze.
This white paper is divided into the following sections:
•
Security Levels
•
Examples
•
Best Practices
•
Additional References