Update Procedure Security

 

The official ISL Online remote software repository is located at http://www.islonline.com/system/updates/ and can be used by any ISL Conference Proxy server with access to the internet.

In case the server does not have access to the internet (either due to it being behind a strict firewall or being in an intranet-only installation), it is possible to download the ISL Online software repository archive (the link is in Manage software -> Manual update), extract it to the desired local location and use that as a custom location instead of the default value.

No matter which option you use, the update procedure mentioned below is the same, with the only difference being the location for obtaining the files.

When you go to Manage software -> Online update, ISL Conference Proxy tries to obtain the latest software_policy.xml file. If the file is present, it checks its signature (in software_policy.xml.csig) before applying it. In case the signature check fails, the online update procedure is terminated and an error is shown to the administrator.

If the software policy file signature is OK, ISL Conference Proxy proceeds to check the index file (index.xml), but before parsing it, it checks the signature of the index file (in index.xml.csig). If it fails, the online update procedure is terminated and an error is shown to the administrator.

If the index file signature is OK, ISL Conference Proxy proceeds to parse it and composes a list of available updates, based on the software policy file and currently installed software, then shows this info to the administrator (available updates, planned changes).

Each file mentioned in index.xml also includes a SHA-512 hash (for ISL Conference Proxy 4.1 and newer, MD5 for older versions) and in case there is a mismatch, ISL Conference Proxy complains and does not proceed to process that file.

This means that the repository itself is protected from unauthorized file injection, even before such file could reach ISL Conference Proxy through online update.

All our public releases (.base = ISL Conference Proxy, .module = ISL Conference Proxy modules, .program = programs, .plugin = plugins, .action = actions, .translation = translations) are signed using our certificate during build time. The private part of this certificate is available only on our official build machines and developers do not have access to them (only the core admin team has access). These public releases are built from official release branches only and code review is mandatory before being able to merge code into release branches. Such release candidate builds have to go through several QA phases and get the final approval from the QA team before proceeding to become public releases.

When you upload one such public release to your ISL Conference Proxy, it checks the signature of the file and adds it to its pool of modules/programs/plugins/... only if the signature is OK, otherwise it rejects the file and you cannot download that program from your ISL Conference Proxy. Even if the administrator was to manually upload an unauthorized file to ISL Conference Proxy, it would complain about its signature and not use it.

When we release new versions, we publish them to our official ISL Online remote software repository (http://www.islonline.com/system/updates) and additionally sign the appropriate files (software policy file and index file). Generating an updated repository is a process that requires manual intervention by a member of the core release admin team in possession of the appropriate private part of the repository signature certificate.

All our public releases are listed in our official release info document, so we suggest checking it for a list of updates, bug fixes, new features etc.:
https://help.islonline.com/20065/169812

Tags: isl conference proxy, settings, advanced examples

Was this article helpful?