Hi,
I'm currently looking into a similar scenario: we'll need to give project teams in the field access to the Alfresco document repositories.
For various reasons these guys are not able to connect through VPN. So, I'm NOT aiming to use WCM, but give these users access to the workspaces over the web. Since the documents contain sensitive information, I'm naturally wondering how strong Alfresco's security and authentication system is.
How difficult is it to set up Alfresco to run through https? I've seen the Tomcat SSL How-To, and that part seems fairly straightforward. For the moment I'm assuming that Alfresco has no problem running over https - is this correct, or has anybody come across any issues?
Also, In a standard server/database setup, I would place the web server in the DMZ and the content (database server) behind a firewall. I don't think that this approach is feasible with Alfresco's data repository, since it's realised as a directory structure (alf-data). If the web server was compromised, the files in the repository would potentially be at risk. is there an alternative way of doing this?
what are the best practices for running Alfresco in the way I described? Are there any security concerns with Alfresco in such a setup?
TIA,
Frank.
