Posted to users@shindig.apache.org by Niels van Dijk <ni...@surfnet.nl> on 2011/01/11 16:20:42 UTC

Shindig security audit

Hi All,

We are going to deploy a shindig 2.0 based platform very soon. As part
of the deployment we need to do a security audit.

I was wondering if anyone had already done that and if the
results of that audit are available somewhere. I can imagine that some
results may be confidential, but I also think several recommendations
might be more generic for Shindig, and not for the local setup. I would
also be interested in Shindig 1.x audits to have some sort of reference.

many thanks!
Niels

Re: Shindig security audit

Posted by Niels van Dijk <ni...@surfnet.nl>.
Hi Paul,

Thanks for your feedback. Good to hear you do not expect any major
issues. Nevertheless, I fear your encouraging words will not convince my
security officer straight away ;)
Should anything pop up I'll share that within this community.

Cheers,
Niels

On 01/18/2011 02:22 AM, Paul Lindner wrote:
> I am not aware of any specific security audits for Shindig.  I've done
> informal reviews internally and there hasn't been anything specific
> that comes up.
>
> Most of the issues will probably involve how well you manage the
> business logic mappings for the various shindig handlers.  In this
> case there's a lot of policy variation so I would conclude that any
> security review would probably not be of much use.
>
>
> On Tue, Jan 11, 2011 at 7:20 AM, Niels van Dijk
> <ni...@surfnet.nl> wrote:
>> Hi All,
>>
>> We are going to deploy a shindig 2.0 based platform very soon. As part
>> of the deployment we need to do a security audit.
>>
>> I was wondering if anyone had already done that and if the
>> results of that audit are available somewhere. I can imagine that some
>> results may be confidential, but I also think several recommendations
>> might be more generic for Shindig, and not for the local setup. I would
>> also be interested in Shindig 1.x audits to have some sort of reference.
>>
>> many thanks!
>> Niels
>>
>
>

Re: Shindig security audit

Posted by Paul Lindner <li...@inuus.com>.
I am not aware of any specific security audits for Shindig.  I've done
informal reviews internally and there hasn't been anything specific
that comes up.

Most of the issues will probably involve how well you manage the
business logic mappings for the various shindig handlers.  In this
case there's a lot of policy variation so I would conclude that any
security review would probably not be of much use.


On Tue, Jan 11, 2011 at 7:20 AM, Niels van Dijk
<ni...@surfnet.nl> wrote:
> Hi All,
>
> We are going to deploy a shindig 2.0 based platform very soon. As part
> of the deployment we need to do a security audit.
>
> I was wondering if anyone had already done that and if the
> results of that audit are available somewhere. I can imagine that some
> results may be confidential, but I also think several recommendations
> might be more generic for Shindig, and not for the local setup. I would
> also be interested in Shindig 1.x audits to have some sort of reference.
>
> many thanks!
> Niels
>



-- 
Paul Lindner -- lindner@inuus.com -- linkedin.com/in/plindner