[ https://issues.apache.org/jira/browse/SLING-11782?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17696211#comment-17696211 ]
Robert Munteanu edited comment on SLING-11782 at 3/17/23 2:53 PM:
------------------------------------------------------------------
This is a very good idea. I've created
https://cwiki.apache.org/confluence/display/SLING/Threat+model so we can start
collaborating on it. It's been a long time since I looked at threat modelling,
so I'd be happy if someone could propose a structure or a methodology we can
follow.
was (Author: rombert):
This is a very good idea. I've created
https://cwiki.apache.org/confluence/display/SLING/Threat+model so we can start
collaborating on it. It's been a long time since I looked at thread modelling,
so I'd be happy if someone could propose a structure or a methodology we can
follow.
> Document Sling threat model and how to properly secure Sling
> ------------------------------------------------------------
>
> Key: SLING-11782
> URL: https://issues.apache.org/jira/browse/SLING-11782
> Project: Sling
> Issue Type: Improvement
> Components: Documentation, Site
> Reporter: Angela Schreiber
> Priority: Major
> Labels: security
>
> The documentation should be more explicit about how to run Sling in a secure way.
> In particular we should provide some information about the underlying threat
> model.
> For example, we should be explicit about the fact that whoever has
> access to the OSGi console has file system access with the privileges of the
> JRE.
> cc: [~rombert], [~cziegeler]