Siebel Security Hardening Guide > Securing the Operating System >

Securing the Siebel File System

The Siebel File System consists of a shared directory that is network-accessible to the Siebel Server and contains physical files used by Siebel Business Applications. The Siebel File System stores documents, images, and other types of file attachments.

Requests for access to the Siebel File System by Siebel user accounts are processed by Siebel Servers, which then use the File System Manager (FSM) server component to access the Siebel File System. FSM processes these requests by interacting with the Siebel File System directory. Siebel Remote components also access the Siebel File System directly. Other server components access the Siebel File System through FSM.

A Siebel proprietary algorithm that compresses files in the Siebel File System prevents direct access to files from outside the Siebel application environment in addition to providing a means of encrypting files. This algorithm is used at the Siebel Server level and appends the extension .saf to compressed files. These compressed files are decompressed before users or applications access them. Users access decompressed files through the Web client. You cannot disable use of this algorithm. For more information about the Siebel File System, see Siebel System Administration Guide.

To provide additional security for the Siebel File System, implement the following recommendations:

• When creating the shared directory for the Siebel File System, append a dollar sign ($) to the end of the share name; this hides the shared directory on the network. For example:

  \\servername\siebelfs$

• Use third-party utilities to encrypt the file system or individual folders within the file system.
• Make sure that the Siebel application does not provide direct user access to the Siebel File System by restricting access rights to the Siebel File System directory to the Siebel service owner and the administrator. For information, see Assigning Rights to the Siebel File System.
• Restrict the types of files that can be saved in the Siebel File System as described in Excluding Unsafe File Types from the Siebel File System.