General security recommendations
You should ensure that non-authorized parties cannot access the transport package.
The transport package sent from Content Manager to Content Deployer contains content, metadata, and deployment instructions. If the transport package is intercepted, the operation may be compromised: the content and metadata can be replaced with malicious content, and the deployment instructions can be altered so that the content is deployed to an unintended location.
To control this potential threat, limit security access of the various Content Delivery processes as follows:
- All processes
  All Content Delivery processes must be run by users with the following (minimal) rights:
  - Read access to any file system storage location. Refer to Configuring Content Data Store access for your Content Delivery Role to find out where such a location might be configured.
  - Read and write access to the logging directory. Refer to Configuring logging for a Content Delivery software component to find out where the logging directory is located.
  - In a legacy in-process setup: read access to the Windows Registry.
- Content Deployer
  - If you use file system storage, the user account that runs Content Deployer must also have write access to the file system storage file location(s). Refer to Configuring Content Data Store access for your Content Delivery Role to find out the location(s).

In an ASP.NET setup, these user accounts are the ones associated with the Default Application Pool.
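The following PowerShell script is an added example, not part of this documentation or the product, of applying the minimal rights listed above with icacls on a Windows host. It assumes the storage and logging paths shown, that the process runs under the Default Application Pool identity (IIS AppPool\DefaultAppPool), and that Administrators and SYSTEM keep full control for maintenance; all three are assumptions, not values from this page. Without -IsDeployer it grants read-only access to the storage location (all Content Delivery processes); with -IsDeployer it grants modify access instead (Content Deployer with file system storage).

```powershell
# Added example (not from the product documentation): apply least-privilege
# NTFS rights for a Content Delivery process with icacls.
# Assumed values (not from the page): the paths, the app pool identity,
# and keeping Administrators/SYSTEM with full control for maintenance.
param(
    [string]$Identity    = 'IIS AppPool\DefaultAppPool',  # account that runs the process
    [string]$StoragePath = 'D:\cd\storage',               # file system storage location (assumed)
    [string]$LogPath     = 'D:\cd\logs',                  # logging directory (assumed)
    [switch]$IsDeployer                                   # Content Deployer also needs write on storage
)

foreach ($path in @($StoragePath, $LogPath)) {
    if (-not (Test-Path -LiteralPath $path)) {
        New-Item -ItemType Directory -Path $path | Out-Null
    }
    # Drop inherited ACEs so only the explicit grants below apply
    icacls $path /inheritance:r | Out-Null
    # Maintenance accounts keep full control (assumption)
    icacls $path /grant 'BUILTIN\Administrators:(OI)(CI)F' | Out-Null
    icacls $path /grant 'NT AUTHORITY\SYSTEM:(OI)(CI)F'    | Out-Null
}

# Storage: read-only for every Content Delivery process,
# modify (read + write) only when this host runs Content Deployer.
$storageRight = if ($IsDeployer) { 'M' } else { 'RX' }
icacls $StoragePath /grant "${Identity}:(OI)(CI)$storageRight" | Out-Null

# Logging directory: read and write for all Content Delivery processes
icacls $LogPath /grant "${Identity}:(OI)(CI)M" | Out-Null

# Show the resulting ACLs so the grants can be reviewed against the list above
icacls $StoragePath
icacls $LogPath
```

Run it once per host as an administrator, for example `.\Set-CdRights.ps1 -IsDeployer` on the Content Deployer host and without the switch on other Content Delivery hosts. The final two icacls calls print the effective ACEs, which is the quickest way to confirm that the process identity received only the rights listed above and nothing broader.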