  1. camunda BPM
  2. CAM-8443

I can read documentation about security topics to consider when running Camunda

    Details

      Description

      Topics that should be covered in [1]:

      • How to configure session timeout
      • How to configure https only
      • How to configure cookies domain
      • BPMN (containing scripts) / Forms should be deployed by a "trustful" employee
      • Forms: input validation (cross-site script attack)
      • SQL Injection when using native queries -> (User builds his own app by using native queries)
      • How to configure max post size in server (REST API)
      • How to delete demo user

      AT:

      • The documentation should not contain a step-by-step description of how to configure something.
      • It should point out that these topics should be considered during the setup of Camunda.
      • There should be a link to show, for example, how to configure session timeouts on Tomcat.

      [1]: https://docs.camunda.org/manual/7.7/user-guide/security/

        Activity

        yana.vasileva Yana Vasileva added a comment -
        • please return it back after the review, so I can show the changes also to Robert

          People

          • Assignee: roman.smirnov Smirnov Roman
          • Reporter: roman.smirnov Smirnov Roman
          • Votes: 0
          • Watchers: 4
