You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Angela Schreiber (Jira)" <ji...@apache.org> on 2023/02/21 11:10:00 UTC

[jira] [Created] (SLING-11782) Document Sling threat model and how to properly secure Sling

Angela Schreiber created SLING-11782:
----------------------------------------

             Summary: Document Sling threat model and how to properly secure Sling
                 Key: SLING-11782
                 URL: https://issues.apache.org/jira/browse/SLING-11782
             Project: Sling
          Issue Type: Improvement
          Components: Documentation, Site
            Reporter: Angela Schreiber


The documentation should be more explicit about to run sling in a secure way. In particular we should provide some information about the underlying threat model. 

For example we should be being explicit about the fact that whoever has access to the OSGi console has file system access with the privileges of the JRE.

cc: [~rombert], [~cziegeler]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)