You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Angela Schreiber (Jira)" <ji...@apache.org> on 2023/02/21 11:10:00 UTC
[jira] [Created] (SLING-11782) Document Sling threat model and how to properly secure Sling
Angela Schreiber created SLING-11782:
----------------------------------------
Summary: Document Sling threat model and how to properly secure Sling
Key: SLING-11782
URL: https://issues.apache.org/jira/browse/SLING-11782
Project: Sling
Issue Type: Improvement
Components: Documentation, Site
Reporter: Angela Schreiber
The documentation should be more explicit about to run sling in a secure way. In particular we should provide some information about the underlying threat model.
For example we should be being explicit about the fact that whoever has access to the OSGi console has file system access with the privileges of the JRE.
cc: [~rombert], [~cziegeler]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)