[ https://issues.apache.org/jira/browse/SLING-11782?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17696431#comment-17696431 ]
Oliver Lietz commented on SLING-11782:
--------------------------------------

The STRIDE model is quite common AFAIK.

> Document Sling threat model and how to properly secure Sling
> ------------------------------------------------------------
>
> Key: SLING-11782
> URL: https://issues.apache.org/jira/browse/SLING-11782
> Project: Sling
> Issue Type: Improvement
> Components: Documentation, Site
> Reporter: Angela Schreiber
> Priority: Major
> Labels: security
>
> The documentation should be more explicit about how to run Sling in a secure way.
> In particular we should provide some information about the underlying threat model.
> For example we should be explicit about the fact that whoever has access to the OSGi console has file system access with the privileges of the JRE.
> cc: [~rombert], [~cziegeler]

--
This message was sent by Atlassian Jira (v8.20.10#820010)