You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

The Blueriq Runtime can be deployed to Application Servers, like Tomcat and JBoss EAP. For the exact list of supported Application Servers, see the Platform support page.

These Application Servers don't usually come with secure default settings, so it is a good idea to harden them. As the Application Server that Blueriq runs on is not in Blueriq's control, your System Administrator should harden it.

An example of insecure default settings is that most application servers show stack traces, sometimes with version information, when an error occurs. An attacker can exploit this information to target the server. It is good practice to provide custom error pages to hide this information.
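A check a System Administrator could run over error responses after hardening, to confirm that stack traces and version strings no longer appear. This is an added example, not part of the Blueriq documentation; the function name `find_leaks`, the patterns, and both sample responses are constructed for illustration.

```python
import re

# Patterns that indicate an error response leaks implementation detail.
LEAK_PATTERNS = {
    "java stack frame": re.compile(r"^\s*at\s+[\w.$]+\.[\w$<>]+\([^)]*\)", re.M),
    "exception class": re.compile(r"\b(?:[a-z_]\w*\.)+[A-Z]\w*(?:Exception|Error)\b"),
    "server version banner": re.compile(
        r"\b(?:Apache Tomcat|JBoss|WildFly|WebSphere)[\w ]*/\d+(?:\.\d+)+", re.I),
}
# Response headers that commonly carry product and version strings.
VERSION_HEADERS = ("server", "x-powered-by")


def find_leaks(status, headers, body):
    """Return a sorted list of leak descriptions for one HTTP response."""
    findings = set()
    if status >= 400:  # only error pages are inspected for body leaks
        for name, pattern in LEAK_PATTERNS.items():
            if pattern.search(body):
                findings.add(f"body: {name}")
    for key, value in headers.items():
        if key.lower() in VERSION_HEADERS and re.search(r"\d+\.\d+", value):
            findings.add(f"header: {key.lower()} exposes version")
    return sorted(findings)


# Constructed sample: what a default error page typically looks like.
DEFAULT_PAGE = (500, {"Server": "Apache-Coyote/1.1"}, """<html><body>
<h1>HTTP Status 500 - Internal Server Error</h1>
<pre>java.lang.NullPointerException
\tat com.example.app.OrderService.load(OrderService.java:42)
\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
</pre><hr/><h3>Apache Tomcat/9.0.0</h3></body></html>""")

# Constructed sample: a custom error page with only a support reference.
CUSTOM_PAGE = (500, {"Content-Type": "text/html"},
               "<html><body><h1>Something went wrong</h1>"
               "<p>Reference: 7f3a</p></body></html>")

if __name__ == "__main__":
    for label, page in (("default", DEFAULT_PAGE), ("custom", CUSTOM_PAGE)):
        print(label, find_leaks(*page) or "no leaks found")
```
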


Below are some links to get you started on Application Server security.

Tomcat

https://www.owasp.org/index.php/Securing_tomcat

JBoss EAP

https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/how_to_configure_server_security/index

Configure custom error pages: https://access.redhat.com/solutions/1587503

WebSphere Liberty Core

https://www.ibm.com/support/knowledgecenter/SSD28V_liberty/com.ibm.websphere.wlp.core.doc/ae/twlp_sec.html

Configure custom error pages: https://www.ibm.com/support/knowledgecenter/SSD28V_liberty/com.ibm.websphere.wlp.core.doc/ae/cwlp_servlet31_behavior.html#d211553e333


Additional support may also be acquired from the vendor of the Application Server.
