Securing Cougar
Cougar is a security-conscious framework; however, as with anything, a little care is needed to ensure it’s configured in the most secure manner. We’ll also cover the capabilities available to help you write your service implementations securely, and the gotchas to look out for.
TODO
- Restricting certificate algorithms/strength
- Self-signed certs
- Don’t expose your admin port to the internet
- Don’t expose the binary transport to someone you don’t trust
- XSS protections on the admin console plugins
- Security strength factors
- Encrypted configuration
- Property overriding
- XFF headers