Server security features¶
From Sculptor 5.1 onwards, all versions of the Sculptor server programs kfserver | kfservnt run in secure mode. This is effected by means of a security database, which allows extensive configuration of user permissions for access to Sculptor keyed files and sequential files, and to execute applications on the server. Permissions may be allocated for read, write, create or execute operations, or any combination of these. It is also possible to deny any permissions for a particular resource.
Permissions may also be set for all users, and for all authenticated users - that is, users who have logged in correctly. Specific permissions for an individual user, if set, override general permissions for the same resource.
It is important that careful thought be given to the implications of the permissions assigned to a user. For example, if someone were given the ability to create or edit a text file that can be executed on the server, they would effectively be allowed to perform any operation. In general, executable files should be controlled very carefully with programs that the user cannot change.
In order to ensure backward compatibility, a security database that allows users unrestricted access is supplied as the default.