[SLING-11782] Document Sling threat model and how to properly secure Sling - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: Documentation, Site
Labels:
- security

Description

The documentation should be more explicit about to run sling in a secure way. In particular we should provide some information about the underlying threat model.

For example we should be being explicit about the fact that whoever has access to the OSGi console has file system access with the privileges of the JRE.

cc: rombert, cziegeler

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Angela Schreiber

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 21/Feb/23 11:09

Updated:: 17/Mar/23 14:53