Difference between revisions of "QPR UI Security Hardening"
(Created page with "Follow these instructions to harden QPR UI security. Also steps for QPR ProcessAnalyzer Security Hardening are valid for QPR UI. == Check Latest Java Version Installed ==...") |
|||
(5 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
Follow these instructions to harden QPR UI security. Also steps for [[QPR ProcessAnalyzer Security Hardening]] are valid for QPR UI. | Follow these instructions to harden QPR UI security. Also steps for [[QPR ProcessAnalyzer Security Hardening]] are valid for QPR UI. | ||
− | == | + | == Latest Java Installed == |
Check that the [[QPR_UI_System_Requirements#Other Needed Server Components|latest version of Java 8]] is installed. Make sure also that the automatic updating of Java is enabled. | Check that the [[QPR_UI_System_Requirements#Other Needed Server Components|latest version of Java 8]] is installed. Make sure also that the automatic updating of Java is enabled. | ||
== Change Payara Administrator Password == | == Change Payara Administrator Password == | ||
− | + | Instructions are [[Payara_Configuration_in_QPR_UI#Changing_Payara_Administrator_Password|here]]. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Allow Incoming Requests only from Localhost == | == Allow Incoming Requests only from Localhost == | ||
− | + | In Payara, allow incoming requests only from localhost. | |
== Remove X-Powered-By HTTP Header == | == Remove X-Powered-By HTTP Header == | ||
− | Removing the X-Powered-By HTTP | + | Removing the '''X-Powered-By''' HTTP header improves security, because the underlying technology is not revealed. You can disable this by turning off the '''XPowered By:''' header with your http-listener and by adding a JVM-Option '''-Dproduct.name=""'''. |
− | More information about Payara hardening: http://blog.eisele.net/2011/05/securing-your-glassfish-hardening-guide.html | + | == More Information == |
+ | More information about Payara security hardening: http://blog.eisele.net/2011/05/securing-your-glassfish-hardening-guide.html | ||
[[Category: QPR UI]] | [[Category: QPR UI]] |
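Review bot: the new text under "Allow Incoming Requests only from Localhost" only restates the heading, so a reader cannot tell which Payara listener or setting to change; add the steps or link to them, as was done for the administrator password section. In the X-Powered-By paragraph, "You can disable this" has no clear referent, and the setting is written "XPowered By:" while the header is "X-Powered-By"; state whether that is the label shown in the console and say what the JVM option -Dproduct.name="" changes.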
Latest revision as of 12:32, 23 December 2019
Follow these instructions to harden QPR UI security. The steps in QPR ProcessAnalyzer Security Hardening also apply to QPR UI.
Latest Java Installed
Check that the latest version of Java 8 is installed. Also make sure that automatic updating of Java is enabled.
Change Payara Administrator Password
Instructions are here.
Allow Incoming Requests only from Localhost
In Payara, allow incoming requests only from localhost.
Remove X-Powered-By HTTP Header
Removing the X-Powered-By HTTP header improves security because it no longer reveals the underlying technology. To remove it, turn off the XPowered By: header on your http-listener and add the JVM option -Dproduct.name="".
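A check to confirm the change took effect, as an added example (not part of the original page or QPR's own tooling): the function reads response headers, such as the output of `curl -sI`, and fails if X-Powered-By is present or the Server header names a product. The function names, the sample headers, and the assumption that -Dproduct.name affects the Server header are not from the page.

```shell
#!/usr/bin/env bash
# Added example: detect technology-disclosing response headers.
# Reads raw HTTP response headers on stdin, prints one finding per line,
# returns 1 if anything is disclosed and 0 if the response is clean.
check_disclosure() {
    awk '
        { sub(/\r$/, "") }                      # strip CR from CRLF endings
        /^[Hh][Tt][Tt][Pp]\// { next }          # skip status line(s)
        {
            i = index($0, ":")
            if (i == 0) next                    # blank or malformed line
            name  = tolower(substr($0, 1, i - 1))   # header names are case-insensitive
            value = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            if (name == "x-powered-by") {
                print "FAIL X-Powered-By present: " value; bad = 1
            } else if (name == "server" && value != "") {
                # Assumption: a non-empty Server value still names the product.
                print "FAIL Server header names a product: " value; bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample responses (not captured from a real QPR UI server).
sample_before() {
    printf 'HTTP/1.1 200 OK\r\nServer: ExampleAppServer 1.0\r\n'
    printf 'x-powered-by: Servlet/3.1 JSP/2.3\r\nContent-Type: text/html\r\n\r\n'
}
sample_after() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'
}

# Live use: pass the URL of the listener to test as the first argument.
if [ $# -gt 0 ]; then
    curl -sI "$1" | check_disclosure
fi
```

Run it against each http-listener after restarting the domain, since a listener left at its default would still send the header.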
More Information
More information about Payara security hardening: http://blog.eisele.net/2011/05/securing-your-glassfish-hardening-guide.html