All - I think it is worth highlighting a recent comment on the public mifos slack #general channel here from Victor.

"The [default] configuration only works for localhost installation. For protecting the services exposed to internet, please change the configuration of Nginx and make sure to use at least API Gateway, WAF and SQL Injection tool." (Victor).

We are compiling best practices at https://cwiki.apache.org/confluence/display/FINERACT/Securing+Fineract. If you have ideas, please help by putting them there.

Also, please be aware that we are vendor neutral. While organizations like Mifos are free to bundle the fineract system in their offering per the terms of the license, that does not imply that Fineract has endorsed that particular deployment approach. The Mifos front end, once tightly coupled to the backend, is an indispensable tool for the community but it is just one option.

Please consult the Fineract FAQ. https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=91554327