QPR UI Security Hardening

From Mea Wiki

Follow these instructions to harden QPR UI security. The steps for QPR ProcessAnalyzer Security Hardening also apply to QPR UI.

Latest Java Installed

Check that the latest version of Java 8 is installed. Also make sure that automatic updating of Java is enabled.

Change Payara Administrator Password

Instructions are here.

Allow Incoming Requests only from Localhost

In Payara, allow incoming requests only from localhost.

Remove X-Powered-By HTTP Header

Removing the X-Powered-By HTTP header improves security, because the underlying technology is not revealed. To remove it, turn off the XPowered By: setting on your http-listener and add the JVM option -Dproduct.name="".
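
To confirm the change took effect, check the response headers the server actually sends. The shell function below is an added example, not part of the original QPR instructions; the sample responses are constructed, and treating any non-empty Server header as disclosure is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the QPR documentation).
# audit_headers: read an HTTP response header block on stdin, print one
# finding per disclosing header, return 1 if anything was found.
audit_headers() {
    findings=$(tr -d '\r' | awk '
        /^$/ { exit }                      # blank line ends the header block
        {
            colon = index($0, ":")
            if (colon == 0) next           # status line or malformed line
            name  = tolower(substr($0, 1, colon - 1))   # names are case-insensitive
            value = substr($0, colon + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            if (name == "x-powered-by")
                print "X-Powered-By present: " value
            else if (name == "server" && value != "")   # assumption: any value discloses
                print "Server discloses product: " value
        }')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample responses (not captured from a real QPR UI server).
BEFORE='HTTP/1.1 200 OK
Server: ExampleServer 1.0
X-Powered-By: Servlet/3.1 JSP/2.3 (ExampleServer 1.0)
Content-Type: text/html'
AFTER='HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1024'

printf '%s\n' "$BEFORE" | audit_headers || echo "=> hardening incomplete"
printf '%s\n' "$AFTER"  | audit_headers && echo "=> no disclosing headers"

# Live check (assumption: listener on port 8080):
#   curl -sI http://localhost:8080/ | audit_headers
```

The function exits non-zero when a disclosing header is found, so it can be used as a gate in a deployment or monitoring script.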

More Information

More information about Payara security hardening: http://blog.eisele.net/2011/05/securing-your-glassfish-hardening-guide.html