Security Best Practices for Cascade Server Administrators
- If you need access to the machine on which Cascade is running from outside of your network, open only the necessary network ports through the firewall (i.e. port 80 and/or 443 for HTTP and HTTPS, respectively).
- Don't make everyone an administrator. That's a recipe for disaster. Keep the number of administrators to a minimum and delegate responsibility through the manager role.
- Non-trusted sources should be assigned either the Contributor or Approver role. These roles mandate workflow participation unless otherwise explicitly set up through folder and asset factory settings.
- Use ACLs (access control lists). These can dramatically increase the security of the sites you manage in Cascade.
- Protect asset factory base assets through the use of ACLs.
- Manage your users through LDAP. This will ensure that the Cascade user base is kept up to date with the company user base, and any password policies enforced through the LDAP server will then be enforced through Cascade, as Cascade actively authenticates against the LDAP user store.
- In the LDAP configuration, specify that Cascade binds to the LDAP server using SSL rather than cleartext. More information on this is in the knowledge base.
- Publish to secure destinations (e.g. SFTP instead of FTP).
- Put all a site's "structural" assets in a folder called "_internal" that is only readable by the manager/administrator group for that particular site.
Structural assets would include templates, any stylesheets that transform content that should not be changed by regular contributors, index blocks that produce breadcrumbs and other navigational regions that should not be changed by regular contributors, and asset factory base assets.
- Protect your password and make sure each individual in Cascade has the appropriate access rights.
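
Several items in this checklist can be checked mechanically. The script below is an added example, not part of the original page or of Cascade itself: it audits a constructed inventory for the firewall, role, LDAP, publishing and `_internal` ACL items. The inventory field names, the group names and the `max_admins` threshold are assumptions, not a Cascade export format.

```python
from urllib.parse import urlsplit

# Constructed sample inventory. The field names are hypothetical and are not
# a Cascade export format; populate them from your own records.
SAMPLE = {
    "open_ports": [22, 80, 443],
    "users": [
        {"name": "alice", "role": "Administrator", "trusted": True},
        {"name": "bob", "role": "Manager", "trusted": True},
        {"name": "vendor1", "role": "Manager", "trusted": False},
        {"name": "carol", "role": "Contributor", "trusted": False},
    ],
    "ldap_url": "ldap://ldap.example.edu:389",
    "destinations": {"www": "ftp://web.example.edu/htdocs",
                     "intranet": "sftp://web.example.edu/intranet"},
    "internal_readers": {"main-site": ["site-managers", "all-contributors"]},
}

def audit(inv, max_admins=2, privileged_groups=("site-managers", "administrators")):
    """Return a sorted list of (check, detail) findings for the inventory."""
    findings = []
    # Only HTTP/HTTPS should be reachable from outside the network.
    for port in inv["open_ports"]:
        if port not in (80, 443):
            findings.append(("firewall", f"port {port} open from outside"))
    # max_admins is a local policy choice (assumption), not a Cascade setting.
    admins = [u["name"] for u in inv["users"] if u["role"] == "Administrator"]
    if len(admins) > max_admins:
        findings.append(("roles", f"{len(admins)} administrators"))
    # Non-trusted users belong in the workflow-bound roles.
    for u in inv["users"]:
        if not u["trusted"] and u["role"] not in ("Contributor", "Approver"):
            findings.append(("roles", f"{u['name']} is untrusted but has role {u['role']}"))
    # LDAP bind must use SSL; publishing must not use plain FTP.
    if urlsplit(inv["ldap_url"]).scheme.lower() != "ldaps":
        findings.append(("ldap", "bind is not over SSL"))
    for name, url in inv["destinations"].items():
        if urlsplit(url).scheme.lower() == "ftp":
            findings.append(("publish", f"destination {name} uses FTP"))
    # _internal should be readable only by the manager/administrator groups.
    for site, groups in inv["internal_readers"].items():
        extra = sorted(set(groups) - set(privileged_groups))
        if extra:
            findings.append(("acl", f"{site}/_internal readable by {', '.join(extra)}"))
    return sorted(findings)

if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"[{check}] {detail}")
```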