HFS: Secure your server

From rejetto wiki
Jump to navigation Jump to search

This article is about security for HFS users.

Many people ask: am I safe running this server software?
100% safety on the net is utopia, but we want to be reasonably safe.

HFS is considered quite safe software, no security bug is known at the moment, just ensure you are using the last version available. Moreover, HFS is open source, thus anyone is able to check for security flaws in it.

Even though it was not designed to be extremely robust, it is quite stable and has been used for months without a restart (see forum topic).

Secure your Windows

Before worrying about HFS, you should be concerned about your Windows system. To secure your computer, follow this advice:

  • Keep Windows updated with Windows Update.
  • Use a good and updated firewall.
  • Use a good and updated antivirus.

If you comply with these rules, the risks are very low.

What about strange logs?

If you see scary requests in the log, don't worry. They are simply requests. By default, HFS only logs fulfilled requests, so, if no reply has been logged, the request has not been fulfilled.

HTTPS and SSL

HTTPS is not supported natively at the moment. In the meantime, you can try adding HTTPS support by using STunnel. You can read an article on our forum where this discussed in detail.

Useful links