...

These application servers don't usually come with secure default settings, so it is a good idea to harden them. Because the application server that Blueriq runs on is not under Blueriq's control, your system administrator should harden it.

An example of an insecure default setting is that most application servers show stack traces, sometimes with version information, when an error occurs. An attacker can use this information to target the server. It is good practice to provide custom error pages that hide this information.
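A check that can be run over captured error responses after hardening, to confirm that stack traces and version information no longer appear. This is an added example, not part of the original page or of Blueriq's code; the patterns, the `find_leaks` function and both sample responses (including the `ExampleServer` name) are constructed for illustration.

```python
import re

# Patterns that indicate a default (unhardened) Java error page.
# Constructed for this example; extend them for the server you run.
LEAK_PATTERNS = {
    "java_stack_frame": re.compile(r"^\s*at [\w$.]+\.[\w$<>]+\([^)]*\)", re.M),
    "exception_class": re.compile(r"\b(?:[a-z_]\w*\.)+[A-Z]\w*(?:Exception|Error)\b"),
    "caused_by": re.compile(r"^Caused by: ", re.M),
    "version_banner": re.compile(r"\b[A-Za-z][\w-]*/\d+(?:\.\d+)+"),
}
# Response headers that commonly disclose the server product and version.
BANNER_HEADERS = ("server", "x-powered-by")


def find_leaks(headers, body):
    """Return a sorted list of findings for one HTTP error response."""
    findings = set()
    for name, pattern in LEAK_PATTERNS.items():
        if pattern.search(body):
            findings.add("body:" + name)
    for key, value in headers.items():
        if key.lower() in BANNER_HEADERS and LEAK_PATTERNS["version_banner"].search(value):
            findings.add("header:" + key.lower())
    return sorted(findings)


# Constructed sample: a default error page with a stack trace and banners.
DEFAULT_HEADERS = {"Server": "ExampleServer/1.2.3", "X-Powered-By": "Servlet/3.1"}
DEFAULT_BODY = (
    "<h1>HTTP Status 500</h1><pre>java.lang.NullPointerException\n"
    "\tat com.example.app.Handler.handle(Handler.java:42)\n"
    "Caused by: java.lang.IllegalStateException: boom\n"
    "\tat com.example.app.Dao.load(Dao.java:7)\n"
    "</pre><hr>ExampleServer/1.2.3"
)

# Constructed sample: a custom error page with no technical detail.
HARDENED_HEADERS = {"Server": "ExampleServer", "Content-Type": "text/html"}
HARDENED_BODY = (
    "<h1>Something went wrong</h1>"
    "<p>Please contact support and quote reference 7f3a9c.</p>"
)

if __name__ == "__main__":
    print("default: ", find_leaks(DEFAULT_HEADERS, DEFAULT_BODY))
    print("hardened:", find_leaks(HARDENED_HEADERS, HARDENED_BODY))
```

An empty result for every error status the application can return (for example 404 and 500) is the outcome to aim for.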


Below are some links to get you started on Application Server security.

...

https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/how_to_configure_server_security/index

Configure custom error pages: https://access.redhat.com/solutions/1587503

WebSphere Liberty Core

https://www.ibm.com/support/knowledgecenter/SSD28V_liberty/com.ibm.websphere.wlp.core.doc/ae/twlp_sec.html

Configure custom error pages: https://www.ibm.com/support/knowledgecenter/SSD28V_liberty/com.ibm.websphere.wlp.core.doc/ae/cwlp_servlet31_behavior.html#d211553e333


Additional support may also be acquired from the vendor of the Application Server.