UGC Web site security
Rating and commenting functionality creates new entry points for Web site visitors, and with them the risk of compromising security. Specifically, both the Web service end point and the Web site itself are potentially vulnerable to attack. This topic explains some of the security concerns surrounding UGC, and how you can address them.
- Web service authentication (OAuth)
- Refer to the SDL Tridion core documentation to learn how you can implement authentication for your Content Delivery Web service. If you already have authentication set up for the Web service, refer to Configuring Content Delivery Web service end points to learn how to configure UGC to authenticate against the Web service.
- Accessing the Web service through SSL (HTTPS connection)
- If you have set up your Content Delivery Web service to be only accessible through HTTPS, Configuring UGC for HTTPS explains how you can configure UGC to access the Web service.
- SQL injection in comment forms
- UGC uses Hibernate to prevent SQL statements in comment forms from being executed. Visitors cannot manipulate your database using commenting.
- JavaScript injection or other Web code injection in comment forms
- Configuring UGC on JSP Web site explains how you can edit a 'white list' of allowed HTML elements in submitted comments. Any tags not listed in this white list are stripped out of the comment. By default, the white list only lets commenters include links to HTTP resources, which prevents JavaScript injection, and opens those links in a new tab or window. You can also edit the white list to disallow links of any kind, or even HTML altogether.
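The following Python script is added here as an illustration of what white-list filtering of this kind does to a submitted comment; it is not UGC code and not the product's JSP configuration. Tags outside the list are stripped while their text is kept and re-escaped, attributes outside the list are dropped, and a link survives only with an http or https href, opened in a new tab. The white list, the sample comments and the `rel="noopener noreferrer"` attribute are assumptions of the example.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed default white list, modelled on the page's description: only <a>
# with an href is allowed. Illustrative, not the product's shipped setting.
DEFAULT_WHITELIST = {"a": {"href"}}
ALLOWED_SCHEMES = {"http", "https"}


class WhitelistSanitizer(HTMLParser):
    """Rebuilds a comment from parsed tokens, keeping only white-listed tags
    and attributes and re-escaping all text, so nothing the visitor typed
    reaches the page as executable markup."""

    def __init__(self, whitelist):
        super().__init__(convert_charrefs=True)
        self.whitelist = whitelist
        self.out = []
        self.open_tags = []  # tags we emitted and still need to close

    def handle_starttag(self, tag, attrs):
        allowed_attrs = self.whitelist.get(tag)
        if allowed_attrs is None:
            return  # tag not on the white list: dropped, its text is kept
        kept, has_href = [], False
        for name, value in attrs:
            if name not in allowed_attrs or value is None:
                continue  # e.g. onclick, style: silently dropped
            if name == "href":
                scheme = urlsplit(value.strip()).scheme.lower()
                if scheme not in ALLOWED_SCHEMES:
                    continue  # javascript:, data:, vbscript: and relative links
                has_href = True
            kept.append(f' {name}="{escape(value, quote=True)}"')
        if tag == "a":
            if not has_href:
                return  # a link with no acceptable href is stripped entirely
            # Open in a new tab as the page describes; rel=noopener is an
            # added hardening so the new window cannot reach window.opener.
            kept.append(' target="_blank" rel="noopener noreferrer"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag not in self.open_tags:
            return  # closing a stripped or never-opened tag: ignore
        while self.open_tags:
            top = self.open_tags.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break

    def handle_data(self, data):
        self.out.append(escape(data))  # text is always re-escaped

    def result(self):
        self.close()
        while self.open_tags:  # close anything the visitor left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_comment(comment_html, whitelist=None):
    """Return comment_html reduced to the white-listed subset of HTML."""
    parser = WhitelistSanitizer(DEFAULT_WHITELIST if whitelist is None else whitelist)
    parser.feed(comment_html)
    return parser.result()


if __name__ == "__main__":
    # Constructed sample comments, not real submissions.
    for sample in [
        'See <a href="http://example.com/doc">the docs</a>',
        '<a href="javascript:alert(1)">click me</a>',
        '<img src=x onerror=alert(1)>plain text <script>alert(2)</script>',
        '<a href="http://example.com" onclick="steal()">ok</a>',
    ]:
        print(repr(sanitize_comment(sample)))
```

Passing an empty dictionary as the white list gives the "no HTML at all" configuration the text mentions: every tag is removed and only escaped text remains.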
- Comment flooding and mass rating or comment voting
- By default, UGC is not set up to prevent visitors from posting multiple comments on the same Component or Page, rating the same Component or Page multiple times, or downvoting or upvoting a comment multiple times. This makes it easier to demonstrate the functionality of the product, for example, to show how multiple downvotes cause a comment to 'drop off' the Web page.
However, this also leaves open the possibility of abuse. Malicious visitors can flood a Web page with comments, downvote a comment into nonexistence, or rate a Component or Page any way they want.
You can prevent this by creating a Claim Processor that intercepts incoming comments and ratings and inspects them before passing them on to UGC. Refer to the core SDL Tridion documentation to learn more about creating Claim Processors.
Some logical rules to implement are the following:
- Disallow a user from leaving more than N comments on a Component or Page.
- Disallow a user from rating the same content more than once.
- Disallow a user from downvoting or upvoting the same comment more than once.
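As an illustration of these three rules, the Python class below keeps per-user state and rejects any comment, rating or vote that would break one of them. It is an added example, not the Tridion Claim Processor API (whose interface is described in the core documentation); the claim dictionary format, the `user` identity field, the placeholder item and comment identifiers, and the in-memory store are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class ContributionGate:
    """In-memory policy check implementing the three rules above.

    Assumptions (not from the product): 'user' is the identity the site's
    authentication gives each visitor, and state lives in process memory.
    A real Claim Processor would back this with shared storage so the limits
    hold across web nodes and restarts.
    """
    max_comments_per_item: int = 3
    _comment_counts: dict = field(default_factory=lambda: defaultdict(int))
    _ratings: set = field(default_factory=set)
    _votes: set = field(default_factory=set)

    def accept_comment(self, user, item):
        """Rule 1: at most N comments per user on one Component or Page."""
        key = (user, item)
        if self._comment_counts[key] >= self.max_comments_per_item:
            return False, f"{user} already has {self.max_comments_per_item} comments on {item}"
        self._comment_counts[key] += 1
        return True, "comment accepted"

    def accept_rating(self, user, item):
        """Rule 2: one rating per user per Component or Page."""
        key = (user, item)
        if key in self._ratings:
            return False, f"{user} already rated {item}"
        self._ratings.add(key)
        return True, "rating accepted"

    def accept_vote(self, user, comment_id):
        """Rule 3: one upvote or downvote per user per comment."""
        key = (user, comment_id)
        if key in self._votes:
            return False, f"{user} already voted on {comment_id}"
        self._votes.add(key)
        return True, "vote accepted"

    def process(self, claim):
        """Dispatch one incoming claim (a dict) to the matching rule."""
        kind = claim.get("type")
        if kind == "comment":
            return self.accept_comment(claim["user"], claim["item"])
        if kind == "rating":
            return self.accept_rating(claim["user"], claim["item"])
        if kind == "vote":
            return self.accept_vote(claim["user"], claim["comment_id"])
        return False, f"unknown claim type {kind!r}"


def run_demo():
    """Feed a constructed sequence of claims through the gate and return the
    (accepted, reason) decisions. Identifiers are placeholders."""
    gate = ContributionGate(max_comments_per_item=2)
    claims = [
        {"type": "comment", "user": "visitor-1", "item": "page-42"},
        {"type": "comment", "user": "visitor-1", "item": "page-42"},
        {"type": "comment", "user": "visitor-1", "item": "page-42"},  # flood attempt
        {"type": "rating", "user": "visitor-1", "item": "page-42"},
        {"type": "rating", "user": "visitor-1", "item": "page-42"},   # second rating
        {"type": "vote", "user": "visitor-1", "comment_id": "comment-7"},
        {"type": "vote", "user": "visitor-1", "comment_id": "comment-7"},  # repeat vote
        {"type": "vote", "user": "visitor-2", "comment_id": "comment-7"},  # other user
    ]
    return [gate.process(c) for c in claims]


if __name__ == "__main__":
    for accepted, reason in run_demo():
        print("ACCEPT" if accepted else "REJECT", reason)
```

Whatever the site uses as the `user` value determines how strong these rules are: a limit keyed on an authenticated account is much harder to evade than one keyed on a cookie or IP address, so the identity the Claim Processor relies on matters as much as the rule itself.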