Securing the Application Server Configuration

The application server is one of the most important components that influence the security of AWI. The default installation usually comes with common security principles already in place. This topic provides a set of best practices to improve on them.

  • Do not run the application server as a privileged user (root on UNIX; Administrator or Local System on Windows).
  • The application server should never expose the running software and its version number.
  • Deploy only the applications that are required on the server (i.e. no example applications).
  • Secure the administration panel using a strong password.
  • Restrict the file permissions of the application server.
  • Enable HTTPS/TLS and use it instead of plain HTTP; see Securing Access with HTTPS.
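
The shell functions below are an added example, not part of the original documentation or of the product. They check four of the items above on a UNIX host: the process owner, version disclosure in response headers, unneeded deployed applications, and loose file permissions. The function names, the `.war` deployment layout and the `ExampleServer` sample header are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: UNIX-side checks for four items of the checklist above.
# PIDs, directories and header text are supplied by the caller.

# Privileged user: UID of a running process; UID 0 (root) is privileged.
process_uid() { ps -o uid= -p "$1" | tr -d ' '; }
uid_is_privileged() { [ "$1" -eq 0 ]; }

# Version disclosure: read raw HTTP response headers on stdin
# (e.g. from `curl -sI`) and print banner headers carrying a version number.
leaked_banners() {
    tr -d '\r' | grep -iE '^(Server|X-Powered-By):.*[0-9]+\.[0-9]+'
}

# Unneeded applications: print deployed applications not on the allowlist.
# Assumption: applications are directories or .war archives in one folder.
unexpected_apps() {
    dir=$1; shift
    for entry in "$dir"/*; do
        [ -e "$entry" ] || continue
        name=$(basename "$entry"); name=${name%.war}
        keep=no
        for ok in "$@"; do
            if [ "$name" = "$ok" ]; then keep=yes; fi
        done
        [ "$keep" = yes ] || printf '%s\n' "$name"
    done | sort -u
}

# File permissions: print files and directories any local user can modify.
world_writable() { find "$1" ! -type l -perm -0002 -print; }

# Constructed sample response headers, for demonstration only.
SAMPLE_HEADERS='HTTP/1.1 200 OK
Server: ExampleServer/9.0.1
Content-Type: text/html'
printf '%s\n' "$SAMPLE_HEADERS" | leaked_banners || true
```

Any output from `leaked_banners`, `unexpected_apps` or `world_writable` is a finding to fix; `uid_is_privileged "$(process_uid PID)"` succeeding means the server process runs as root.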

See also: