You are viewing the documentation for Blueriq 16. Documentation for other versions is available in our documentation directory.
The Blueriq Runtime can be deployed to Application Servers, like Tomcat and JBoss EAP. For the exact lis of supported Application Servers, see the Platform support page.
These Application servers don't usually come with secure default settings, so it is a good idea to harden them. As the Application Server that Blueriq runs on is not in Blueriq's control, your System Administrator should harden it.
An example of insecure default settings is that most application servers show stacktraces, sometimes with version information, when an error occurs. An attacker can exploit this information to target the server. It is good practice to provide custom error pages to hide this information.
Below are some links to get you started on Application Server security.
Tomcat
https://www.owasp.org/index.php/Securing_tomcat
JBoss EAP
Configure custom error pages: https://access.redhat.com/solutions/1587503
Websphere Liberty Core
Configure custom error pages: https://www.ibm.com/support/knowledgecenter/SSD28V_liberty/com.ibm.websphere.wlp.core.doc/ae/cwlp_servlet31_behavior.html#d211553e333
Additional support may also be acquired from the vendor of the Application Server.