access Control – JAAS
Details JAAS can be used for two purposes: for authentication of users, to reliably and securely determine who is currently...
- Home
- Security Hardening
- TNS Best Practices Jetty 9 V1.0.0
TNS Best Practices Jetty 9 V1.0.0
access Control – security Realms
Details Security realms allow you to secure your web applications against unauthorized access. Protection is based on authentication that identifies...Application specific logging
Details By default, the internal Jetty Logging discovery mechanism will load logging specific properties from a classpath resource called jetty-logging.propertiesand...Application specific logging – ${jetty.base}/start.ini –module=logging
Details By default, the internal Jetty Logging discovery mechanism will load logging specific properties from a classpath resource called jetty-logging.propertiesand...Application specific logging – start.jar –module=logging
Details By default, the internal Jetty Logging discovery mechanism will load logging specific properties from a classpath resource called jetty-logging.propertiesand...Authentication
Details Remove access for default and test users Default username and passwords should not be used NOTE: Nessus has not...configure log file size limit – org.eclipse.jetty.server.handler.RequestLogHandler
Details By default, the logging.properties file will have no defined limit for the log file size. This is a potential...configure log file size limit – Settings
Details By default, the logging.properties file will have no defined limit for the log file size. This is a potential...Encryption
Details Store the Username and Password in encrypted form Stored Username and Passwords should be encrypted Note: Nessus has not...Information Leakage
Details Return a custom reply message when something goes wrong, instead of the default reply message Jetty replies with. Avoid...