camunda BPM / CAM-8443

I can read documentation about security topics to consider when running Camunda

    Details

      Description

      Topics that should be covered in [1]:

      • How to configure session timeout
      • How to configure HTTPS only
      • How to configure the cookie domain
      • BPMN (containing scripts) / Forms should be deployed by a "trusted" employee
      • Forms: input validation (cross-site scripting attack)
      • SQL injection when using native queries -> (User builds his own app by using native queries)
      • How to configure max post size in server (REST API)
      • How to delete demo user

      AT:

      • The documentation should not contain a step-by-step description of how to configure something.
      • It should point out that these topics should be considered during the setup of Camunda.
      • There should be a link to show, for example, how to configure session timeouts on Tomcat.

      [1]: https://docs.camunda.org/manual/7.7/user-guide/security/

            People

            Assignee:
            roman.smirnov Roman Smirnov
            Reporter:
            roman.smirnov Roman Smirnov