annotate Sphinx/source/faq/security.rst @ 289:9223c3f26c1a

csrf
author Sebastien Jodogne <s.jodogne@gmail.com>
date Mon, 30 Sep 2019 21:31:08 +0200
parents a64197133114
children 6cbcdb965ad3

.. _security:

Securing Orthanc
================

.. contents::

Orthanc is a microservice for medical imaging. Out-of-the-box, it
makes the assumption that it runs on the localhost, within a secured
environment. As a consequence, care must be taken if deploying Orthanc
in an insecure environment, especially if it is run as a public-facing
service on the Internet. This page provides instructions to secure
Orthanc through its :ref:`configuration options <configuration>`.


General configuration
---------------------

As for any service running on a computer, you should:

* Make sure to run the Orthanc service as a separate user. In
  particular, never run Orthanc as the ``root`` user on GNU/Linux, or
  as the ``Administrator`` user on Microsoft Windows.

* Contact your network administrators to set up `Intranet firewalls
  <https://en.wikipedia.org/wiki/Firewall_(computing)>`__, so that
  only trusted computers can contact Orthanc through its REST API
  or through the DICOM protocol.

Care must also be taken about some configuration options specific to
Orthanc:

* ``LimitFindResults`` and ``LimitFindInstances`` should not be set to
  zero, which disables the limit: a malicious user could otherwise make
  Orthanc unresponsive on large databases by issuing many unbounded
  lookups. A value of ``100`` should be a good compromise.

* ``HttpsVerifyPeers`` should be set to ``true`` to secure outgoing
  connections to remote HTTPS servers (such as when Orthanc is acting
  as a :ref:`DICOMweb client <dicomweb-client>`). With peer
  verification disabled, Orthanc accepts any certificate, which exposes
  these connections to man-in-the-middle attacks.

* Make sure to understand the implications of the
  ``OverwriteInstances`` option.

* You might also be interested in checking the options related to
  :ref:`performance optimization <scalability>`.


Securing the HTTP server
------------------------

.. highlight:: lua

Orthanc publishes a :ref:`REST API <rest>` that provides full
programmatic access to its content, in read/write. This means for
instance that a malicious user could delete the entire content of the
server, or could inspect confidential medical data.

By default, the HTTP server is restricted to the localhost to prevent
such attacks from the outside world. However, as soon as external
access is granted by setting the ``RemoteAccessAllowed`` configuration
option to ``true``, you should:

* Set ``AuthenticationEnabled`` to ``true`` to force the users to
  authenticate. The authorized users are listed in the option
  ``RegisteredUsers``.

* Enable :ref:`HTTPS encryption <https>` to prevent the theft of
  medical data or passwords, even on the Intranet. Orthanc uses HTTP
  Basic authentication, so without HTTPS the credentials of the
  ``RegisteredUsers`` travel in clear text with every request.

* If Orthanc is put on a server that can be contacted from the
  Internet, put Orthanc behind a :ref:`reverse proxy <https>`, and let
  this reverse proxy take care of the HTTPS encryption.

* Set up rules that define, for each authorized user, which resources
  they can access, and through which HTTP methods (GET, POST, DELETE
  and/or PUT). This can be done by defining a :ref:`filter written in
  Lua <lua-filter-rest>`. Here is a sample Lua filter that
  differentiates between an administrator user (``admin``) who has
  full access on the localhost only, and a generic user (``user``)
  that has only read-only access::

    function IncomingHttpRequestFilter(method, uri, ip, username, httpHeaders)
      if method == 'GET' and (username == 'user' or username == 'admin') then
        -- Read-only access (only GET method is allowed)
        return true
      elseif username == 'admin' and ip == '127.0.0.1' then
        -- Read-write access for administrator (any HTTP method is allowed on localhost)
        return true
      else
        -- Access is disallowed by default
        return false
      end
    end

  Note that ``ip`` is the address of the peer that opened the TCP
  connection to Orthanc. If Orthanc sits behind a reverse proxy
  running on the same machine, every request reaches Orthanc from
  ``127.0.0.1``, and the rule above would grant the administrator
  read-write access from anywhere: in that setup, enforce the client
  origin in the reverse proxy instead of relying on ``ip``.

  Very importantly, make sure to protect ``POST`` access to the
  ``/tools/execute-script`` URI. This URI can indeed be used by a
  malicious user to execute any system command on the computer as the
  user that runs Orthanc.

* Consider implementing a :ref:`higher-level application
  <improving-interface>` (e.g. in PHP, Java, Django...) that takes
  care of user authentication/authorization, and that is the only one
  to be allowed to contact the Orthanc REST API. In particular, you
  must create a higher-level application so as to properly deal with
  `CSRF attacks
  <https://en.wikipedia.org/wiki/Cross-site_request_forgery>`__:
  Indeed, as explained in the introduction, Orthanc is a microservice
  that is designed to be used within a secured environment. Its REST
  API relies on HTTP Basic authentication and implements no anti-CSRF
  token, so a browser that has cached the credentials may be induced
  by a third-party web page to issue requests against Orthanc.

* For advanced scenarios, you might have interest in the
  :ref:`advanced authorization plugin <authorization>`. Similarly,
  developers of :ref:`plugins <plugins>` could be interested by the
  ``OrthancPluginRegisterIncomingHttpRequestFilter2()`` function
  provided by the Orthanc plugin SDK.


**Remark:** These parameters also apply to the :ref:`DICOMweb server plugin <dicomweb>`.


Securing the DICOM server
-------------------------

.. highlight:: json

Besides its REST API that is served through its embedded HTTP/HTTPS
server, Orthanc also acts as a :ref:`DICOM server <dicom-protocol>`
(more precisely, as a DICOM SCP).

In general, the DICOM protocol should be disabled if running Orthanc
on a cloud server, except if you use a VPN (cf. `reference
<https://groups.google.com/d/msg/orthanc-users/yvHexxG3dTY/7s3A7EHVBAAJ>`__).
Favor HTTPS for transferring medical images across sites (see
above). You can turn off the DICOM protocol by setting the
configuration option ``DicomServerEnabled`` to ``false``.

The DICOM modalities that are known to Orthanc are defined by setting
the ``DicomModalities`` configuration option. Out-of-the-box, Orthanc
accepts C-ECHO and C-STORE commands sent by unknown modalities, but
blocks C-FIND and C-MOVE commands issued by unknown modalities.

To fully secure the DICOM protocol, you should:

* Set the ``DicomAlwaysAllowEcho`` configuration option to ``false``
  to disallow C-ECHO commands from unknown modalities.

* Set the ``DicomAlwaysAllowStore`` configuration option to ``false``
  to disallow C-STORE commands from unknown modalities.

* Set the ``DicomCheckModalityHost`` configuration option to ``true``
  to validate the IP address or hostname of the remote modalities.
  Without this check, a modality is identified by its calling AET
  alone, which is a plain string chosen by the client: anyone able to
  reach the DICOM port could impersonate a trusted modality by reusing
  its AET.

* For each modality that is defined in ``DicomModalities``,
  selectively specify what DICOM commands are allowed to be issued by
  the SCU of this modality by setting the suboptions ``AllowEcho``,
  ``AllowFind``, ``AllowMove`` and ``AllowStore``. For instance, a
  modality could be allowed to C-STORE images, but be disallowed to
  C-FIND the content of Orthanc. Here is a sample configuration to
  define a single modality that is only allowed to send DICOM
  instances to Orthanc::

    {
      "DicomModalities" : {
        "untrusted" : {
          "AET" : "CT",
          "Port" : 104,
          "Host" : "192.168.0.10",
          "AllowEcho" : false,
          "AllowFind" : false,
          "AllowMove" : false,
          "AllowStore" : true
        }
      }
    }

  **Note:** These configuration suboptions only affect the behavior of
  the DICOM SCP of Orthanc (i.e. for incoming connections). Orthanc
  will always be able to make outgoing DICOM SCU connections to these
  modalities, independently of the value of these suboptions.

* Consider implementing a :ref:`filter implemented in Lua
  <lua-filter-rest>` to restrict which modalities can C-STORE images
  within Orthanc, and which kind of images are accepted by Orthanc.

* Consider setting ``DicomCheckCalledAet`` to ``true`` to force proper
  configuration of remote modalities: Orthanc then rejects
  associations whose called AET does not match its own AET.
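
The settings discussed on this page, from the lookup limits of the
general configuration to the ``Allow*`` suboptions of each modality,
can be checked mechanically before a configuration file is deployed.
The following Python script is an added example and is not part of the
Orthanc project: it parses an Orthanc configuration file, reports the
settings this page advises against, and returns a hardened copy with
the recommended global values applied. Everything it assumes is its
own: the defaults used when an option is absent from the file (taken
from the comments of Orthanc's default configuration, so verify them
against the version you run), the ``SslEnabled`` option (from that
same file, not named on this page), the severities, and the
constructed sample configuration. It expects plain JSON, so strip the
``//`` comments that Orthanc tolerates before feeding a real file to it.

```python
"""Audit an Orthanc configuration against the hardening advice on this page
and apply the recommended global values.  Pure JSON processing, no running
Orthanc needed.  Added example, not code from the Orthanc project."""
import copy
import json

# Assumed values for options absent from the file (Orthanc 1.5.x defaults,
# as documented in its default configuration file, not on this page).
DEFAULTS = {
    "RemoteAccessAllowed": False,
    "AuthenticationEnabled": False,
    "SslEnabled": False,          # HTTPS on the embedded HTTP server
    "HttpsVerifyPeers": True,
    "LimitFindResults": 0,        # 0 means "no limit"
    "LimitFindInstances": 0,
    "DicomServerEnabled": True,
    "DicomAlwaysAllowEcho": True,
    "DicomAlwaysAllowStore": True,
    "DicomCheckModalityHost": False,
    "DicomCheckCalledAet": False,
}
ALLOW_KEYS = ("AllowEcho", "AllowFind", "AllowMove", "AllowStore")

# Constructed sample with the weak settings this page warns about.  "ct" uses
# the short [AET, Host, Port] form, for which every Allow* flag defaults to true.
WEAK_CONFIG = """{
  "RemoteAccessAllowed": true,
  "AuthenticationEnabled": false,
  "HttpsVerifyPeers": false,
  "LimitFindResults": 0,
  "LimitFindInstances": 0,
  "DicomAlwaysAllowEcho": true,
  "DicomAlwaysAllowStore": true,
  "DicomCheckModalityHost": false,
  "DicomModalities": {
    "ct": ["CT", "192.168.0.10", 104],
    "pacs": {"AET": "PACS", "Host": "192.168.0.20", "Port": 104,
             "AllowEcho": true, "AllowFind": true, "AllowMove": true, "AllowStore": true}
  }
}"""


def load_config(text):
    return json.loads(text)


def option(config, key):
    return config.get(key, DEFAULTS[key])


def audit(config):
    """Return (severity, option, message) findings for a parsed configuration."""
    found = []
    if option(config, "RemoteAccessAllowed"):
        if not option(config, "AuthenticationEnabled"):
            found.append(("high", "AuthenticationEnabled", "REST API reachable from the network without authentication"))
        elif not config.get("RegisteredUsers"):
            found.append(("high", "RegisteredUsers", "authentication is enabled but no user is registered"))
        if not option(config, "SslEnabled"):
            found.append(("medium", "SslEnabled", "no HTTPS on the embedded server: credentials and images travel "
                                                  "in clear text unless a reverse proxy terminates TLS"))
    for key in ("LimitFindResults", "LimitFindInstances"):
        if option(config, key) == 0:
            found.append(("medium", key, "0 disables the limit; unbounded lookups can make Orthanc unresponsive"))
    if not option(config, "HttpsVerifyPeers"):
        found.append(("high", "HttpsVerifyPeers", "outgoing HTTPS connections accept any certificate"))
    if option(config, "DicomServerEnabled"):
        if option(config, "DicomAlwaysAllowEcho"):
            found.append(("low", "DicomAlwaysAllowEcho", "unknown modalities may C-ECHO"))
        if option(config, "DicomAlwaysAllowStore"):
            found.append(("high", "DicomAlwaysAllowStore", "unknown modalities may C-STORE arbitrary instances"))
        if not option(config, "DicomCheckModalityHost"):
            found.append(("high", "DicomCheckModalityHost", "modalities are identified by AET alone, which any client can claim"))
        if not option(config, "DicomCheckCalledAet"):
            found.append(("low", "DicomCheckCalledAet", "associations addressed to any called AET are accepted"))
        for name, mod in config.get("DicomModalities", {}).items():
            key = "DicomModalities." + name
            if isinstance(mod, list):   # short form: no Allow* flags, so all commands are allowed
                found.append(("review", key, "short form allows every DICOM command; use the dictionary form"))
                continue
            allowed = [k for k in ALLOW_KEYS if mod.get(k, True)]
            if "AllowFind" in allowed or "AllowMove" in allowed:
                found.append(("review", key, "may query/retrieve the archive: " + ", ".join(allowed)))
    return found


def flagged_options(config):
    return {opt for _, opt, _ in audit(config)}


def harden(config):
    """Copy of config with this page's recommended global values.  Per-modality
    Allow* flags are a local policy decision, so the short form is only expanded
    to its explicit (still permissive) equivalent for the operator to review."""
    out = copy.deepcopy(config)
    out.update({"AuthenticationEnabled": True, "HttpsVerifyPeers": True,
                "DicomAlwaysAllowEcho": False, "DicomAlwaysAllowStore": False,
                "DicomCheckModalityHost": True, "DicomCheckCalledAet": True})
    for key in ("LimitFindResults", "LimitFindInstances"):
        if option(out, key) == 0:
            out[key] = 100            # the compromise suggested on this page
    modalities = out.get("DicomModalities", {})
    for name, mod in list(modalities.items()):
        if isinstance(mod, list):
            aet, host, port = mod[:3]
            modalities[name] = {"AET": aet, "Host": host, "Port": port, **{k: True for k in ALLOW_KEYS}}
    return out


if __name__ == "__main__":
    weak = load_config(WEAK_CONFIG)
    for severity, opt, message in audit(weak):
        print(f"[{severity}] {opt}: {message}")
    print(json.dumps(harden(weak), indent=2))
```

Running the script on the sample prints eleven findings; after
``harden()`` only four remain, and all of them need a human decision:
``RegisteredUsers`` must be populated, ``SslEnabled`` is acceptable
only behind a TLS-terminating reverse proxy, and each modality that
may C-FIND or C-MOVE has to be confirmed as a legitimate query/retrieve
client.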


**Remark:** As of Orthanc 1.5.7, `DICOM TLS encryption
<https://www.dicomstandard.org/using/security/>`__ is not supported
yet. We are looking for :ref:`an industrial sponsor <contributing>` to
get this feature implemented, as it is useful in enterprise and cloud
environments.