PhantomJS and security hardening

Abstract

Increase the security on your content delivery servers.

Sitecore uses PhantomJS to generate screenshots of pages for use in the Sitecore clients. It is an external executable (.exe) file that is shipped with Sitecore in the $(dataFolder)\tools\phantomjs folder. Sitecore references this file through the ContentTesting.PhantomJS.ExecutablePath setting in the App_Config\Include\ContentTesting\Sitecore.ContentTesting.config configuration patch file.

Note

To limit access to the PhantomJS executable file, you should place the data folder outside the webroot folder.

The Windows process that Sitecore runs under requires the Read & executes permission on the executable file. The process also requires Read access to the folder itself to access the other files within the folder.

Because PhantomJS is executed from within Sitecore, it runs with the same permissions that have been set for the process that Sitecore is running under. You should run Sitecore with least privilege and only allow access to files and folders that Sitecore needs access to.

Sitecore passes PhantomJS a script that is generated from the RenderScripts processor in the getScreenShotForURL pipeline. This script instructs PhantomJS to write generated images to a specific folder. The GenerateFilename processor is responsible for generating the path and file name for use in the script.

By default, the output path is $(webroot)\temp\screenshots. The process that Sitecore runs under should already have Read and Write permissions to the temp folder. The output folder location is determined within the pipeline, which you can modify to output the files to a different location.

By default, PhantomJS is configured to use a disk cache for caching web resources. The location on disk where the cache is created is platform dependent and could be any of the following, depending on the version of windows on which Sitecore is running:

  • C:\Ofi Labs\PhantomJS\cache

  • C:\Users\<user>\AppData\Local\Ofi Labs\PhantomJS\cache

In the path, <user> is the account under which Sitecore is running.

To ensure the disk cache can operate, read and write access to the cache directory must be granted to the account under which Sitecore is running. You can disable the disk cache in the App_Config\Include\ContentTesting\Sitecore.ContentTesting.config file by changing the ContentTesting.PhantomJS.EnableDiskCache Sitecore setting to false. Disabling the cache results in screenshot generation taking longer because all web resources must be retrieved for each screenshot every time.

Note

If the folder that is used for the screenshot files has been changed, you can check the pipeline for the new location.

Increase security on content delivery servers

Because screenshots are used in the UI and emails, it is not necessary to generate them on content delivery servers.

To increase security on the content delivery servers:

  • Remove the $(dataFolder)\tools\phantomjs folder including the phantomjs.exe executable file.

  • Disable the getScreenshotForUrl pipeline that launches the PhantomJS process.

    To disable the getScreenshotForUrl pipeline, create a patch file that disables it in the Sitecore.ContentTesting.config configuration file:

    For more information about using patch files, see the topic Use a patch file to customize the Sitecore configuration.