Security Settings

Securing Cookies (WildFly Only)

If you are managing an HTTPS enabled domain, it is recommended that you set a flag which will stop cookies from being transmitted over HTTP.

Open the standalone.xml and add the following to the default servlet-container in the undertow subsystem's configuration:

<session-cookie http-only="true" secure="true"/>

For example:

<servlet-container name="default" allow-non-standard-wrappers="true" default-encoding="UTF-8">

<session-cookie http-only="true" secure="true"/>

<jsp-config/>

<websockets/>

</servlet-container>

Hide Stack Trace Reporting

To improve security you may wish to hide the stack trace reporting to users when an error is encountered in 1Integrate.

ClosedDisable report in WildFly

To disable full stack trace reports to users, you will need to enable the hide.stacktrace=true property in the settings.properties file.

hide.stacktrace=true

ClosedDisable Report in weblogic

To disable full stack trace reports to users, within the WebLogic Server Administration Console, include the following in the Server Start Arguments for the interface:

-Dhide.stacktrace=true

Uploaded files

Uploaded files are stored in the folder pointed to by the java.io.tmp environment variable.

For security purposes, we recommend that you use the relevant operating system tool to ensure that 'execute' permissions are removed for this folder.