Security
Application security starts during the development phase. Adobe recommends applying the following security best practices.
Use Request Session
Following the principle of least privilege, Adobe recommends that every repository access is performed through the session bound to the user's request, so that the repository's own access control (the user's ACLs) decides what is readable and writable. Administrative or service sessions bypass those ACLs and should not be used to serve a user's request.
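The following Sling servlet illustrates the recommendation above. It is an added example, not code from the AEM product or its documentation; the servlet path, class name and the `path` request parameter are assumptions chosen for the illustration. The servlet reads a property from a caller-supplied path using only the request's own ResourceResolver, so a node the user may not read resolves to null exactly as it would for a missing node.

```java
import java.io.IOException;
import javax.jcr.Session;
import javax.servlet.Servlet;
import javax.servlet.http.HttpServletResponse;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.osgi.service.component.annotations.Component;

// Hypothetical servlet: returns the "jcr:title" of a caller-supplied path, using only
// the session bound to the current request, so repository ACLs decide what is visible.
@Component(service = Servlet.class, property = {
        "sling.servlet.paths=/bin/example/title",
        "sling.servlet.methods=GET"
})
public class RequestSessionTitleServlet extends SlingSafeMethodsServlet {

    @Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws IOException {
        // The resolver (and the JCR session behind it) is authenticated as the requesting
        // user. Anything the user may not read simply resolves to null.
        ResourceResolver resolver = request.getResourceResolver();

        // Anti-pattern, shown for contrast only: an administrative or service resolver
        // returns the node regardless of the caller's permissions and must not be used
        // to serve a user's request.
        // ResourceResolver admin = resolverFactory.getAdministrativeResourceResolver(null);

        // "path" is user input: restrict it to the content tree before resolving it.
        String path = request.getParameter("path");
        if (path == null || !path.startsWith("/content/")) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        Resource resource = resolver.getResource(path);
        if (resource == null) {
            // "Not found" and "not readable" look the same to the caller, which avoids
            // leaking the existence of nodes the user is not allowed to see.
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        String title = resource.getValueMap().get("jcr:title", "");

        // The same session is available at JCR level when lower-level API access is
        // needed; it still carries the user's identity and permissions.
        Session session = resolver.adaptTo(Session.class);
        String user = session != null ? session.getUserID() : "unknown";

        response.setContentType("text/plain");
        response.setCharacterEncoding("UTF-8");
        response.getWriter().write(user + ": " + title);
    }
}
```

Because the resolver is never closed or replaced inside the servlet, its lifetime is managed by the request; a resolver you obtain yourself (for instance from a ResourceResolverFactory) would have to be closed, and would not carry the user's permissions.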
Protect against Cross-Site Scripting (XSS)
Cross-site scripting (XSS) allows attackers to inject client-side script into web pages viewed by other users. Malicious users can exploit this vulnerability to bypass access controls such as the browser's same-origin policy, for example to read another user's session.
AEM applies the principle of encoding or filtering all user-supplied content at output time, in the context (HTML body, attribute, JavaScript string, URL) in which it is emitted. Preventing XSS is given the highest priority during both development and testing.
The XSS protection mechanism provided by AEM is based on the AntiSamy Java library provided by OWASP. The default AntiSamy configuration can be found at
/libs/cq/xssprotection/config.xml
Do not edit this file in place: adapt the configuration to your own security needs by overlaying it under /apps, so that your policy survives product updates. The official AntiSamy documentation provides the information you need in order to implement your security requirements.
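The servlet below shows how the output-encoding principle and the AntiSamy-backed filter are used from code. It is an added example, not code from AEM or its documentation; the servlet path, class name and the `author`, `body` and `link` parameters are assumptions for the illustration. It uses the XSSAPI OSGi service that AEM exposes: `encodeForHTML`, `encodeForHTMLAttr` and `encodeForJSString` encode for a specific output context, while `filterHTML` runs rich text through the AntiSamy policy from `/libs/cq/xssprotection/config.xml` (or its `/apps` overlay) and `getValidHref` rejects unsafe URL schemes.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.Servlet;
import com.adobe.granite.xss.XSSAPI;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

// Hypothetical servlet that previews a visitor comment by rendering it back as HTML.
@Component(service = Servlet.class, property = {
        "sling.servlet.paths=/bin/example/comment",
        "sling.servlet.methods=GET"
})
public class CommentPreviewServlet extends SlingSafeMethodsServlet {

    // AEM's XSS service. filterHTML() applies the AntiSamy policy found at
    // /libs/cq/xssprotection/config.xml, or the overlay of it under /apps.
    @Reference
    private XSSAPI xssAPI;

    private static String valueOf(String s) {
        return s == null ? "" : s;
    }

    @Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws IOException {
        String author = valueOf(request.getParameter("author"));
        String body = valueOf(request.getParameter("body"));
        String link = valueOf(request.getParameter("link"));

        response.setContentType("text/html");
        response.setCharacterEncoding("UTF-8");
        PrintWriter out = response.getWriter();

        // VULNERABLE, shown for contrast and never to be used: user input lands in the
        // page unencoded, so author = "<script>alert(1)</script>" runs in every reader's
        // browser.
        // out.write("<p class=\"author\">" + author + "</p>");

        // A request-specific instance lets getValidHref() resolve relative links against
        // the current request.
        XSSAPI xss = xssAPI.getRequestSpecificAPI(request);

        // Plain text goes into the HTML body context: encode it for that context.
        out.write("<p class=\"author\">" + xss.encodeForHTML(author) + "</p>\n");

        // Rich text the visitor is allowed to format: filter it through the AntiSamy
        // policy, which keeps the whitelisted tags and attributes and drops scripts,
        // event handlers and everything else the policy does not allow.
        out.write("<div class=\"body\">" + xss.filterHTML(body) + "</div>\n");

        // URLs: getValidHref() returns a validated, attribute-encoded href, or an empty
        // string when the scheme (javascript:, data: ...) or characters are unsafe.
        String href = xss.getValidHref(link);
        if (!href.isEmpty()) {
            out.write("<a href=\"" + href + "\">" + xss.encodeForHTML(link) + "</a>\n");
        }

        // Data handed to inline script needs the JavaScript string context; HTML encoding
        // would not stop a closing quote from breaking out of the string literal.
        out.write("<script>var author = '" + xss.encodeForJSString(author) + "';</script>\n");
    }
}
```

In HTL templates the same contexts are selected with the `context` option, for example `${properties.body @ context='html'}` for filtered rich text or `${properties.author @ context='text'}` for encoded plain text; HTL encodes for the text context by default, and it is the explicit `context='unsafe'` that disables protection and should be treated as a review finding.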