Security considerations for production environments - CustomerID

The main point to note about CustomerID security is that some security issues for a production service that includes CustomerID need to be handled with external network equipment or services during deployment. It is not possible to include every security hardening configuration for the whole production environment inside the CustomerID installation package, and different environments require different security settings. CustomerID is implemented as a secure application, but the service as a whole needs additional security considerations. This page lists some of the security issues that need to be taken into account when deploying CustomerID.

See also the corresponding page related to SSO: Security considerations for production environments - SSO.

Certificates

We have separate instructions concerning SSL. See Two node CustomerID SSL on Linux - CustomerID or Two node SSL configuration on Windows - CustomerID.

Access restrictions

Service restrictions

REST services are not meant to be open to the public, so restrict access to REST services to internal domains. REST API network traffic should be considered and handled as secret and sensitive, because it contains personally identifiable data.

IP address restrictions

While it is possible to configure IP address restrictions in WildFly, we recommend doing that in the network equipment in front of the application tier.

Port access restrictions

The default configuration leaves HTTP port 7080 open in WildFly.

By default, the WildFly installation has the HTTP port open so that it can be decided during deployment whether TLS termination will be done in the proxy tier or in the application tier.

HTTP header management

Several HTTP headers have security implications. The proxy tier can be used to manipulate them as security requires.

PostgreSQL

PostgreSQL hardening is entirely a deployment concern.

Logging

Logging in proxies, similar network equipment, and WildFly must be configured not to include HTTP URL query parameters.
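
One way to check this requirement after deployment, as an added example that is not part of the original page or of CustomerID: the script scans access log lines and reports every logged URL that carries a query string, listing parameter names only. It assumes Combined Log Format (adjust the pattern to your proxy's format); the sample lines, paths and host names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed format (Combined Log Format):
# host ident user [time] "METHOD target PROTO" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'\d{3} \S+'
    r'(?: "(?P<referer>[^"]*)" "[^"]*")?'
)

def query_param_names(url):
    """Return the query parameter names in url; values are never returned."""
    query = urlsplit(url).query
    return [name for name, _ in parse_qsl(query, keep_blank_values=True)]

def audit(lines):
    """Yield (line_number, field, param_names) for each logged URL with a query string."""
    for number, line in enumerate(lines, start=1):
        match = LINE_RE.match(line)
        if not match:
            continue  # not an access log line in the assumed format
        # The request target and the Referer header can both carry a query string.
        for field in ("target", "referer"):
            value = match.group(field)
            if value and "?" in value:
                yield number, field, query_param_names(value)

# Constructed sample input; the paths are placeholders, not real CustomerID endpoints.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /example/rest/users?email=a%40example.com&token=abc HTTP/1.1" 200 512 "-" "curl/8.0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] '
    '"GET /example/rest/users HTTP/1.1" 200 512 "https://portal.example/reset?code=123" "Mozilla/5.0"',
    '192.0.2.11 - - [01/Jan/2024:10:00:02 +0000] '
    '"POST /example/rest/users HTTP/1.1" 201 64 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for number, field, names in audit(SAMPLE):
        print(f"line {number}: query string logged in {field}; parameters: {names}")
```

An empty result over a representative log sample indicates that the logging configuration drops query parameters as required.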