This section explains how you can set up the security configurations in WSO2 Governance Registry (G-Reg).

After you install WSO2 G-Reg, it is recommended to change the default security settings according to the requirements of your production environment. Since WSO2 G-Reg is built on top of the WSO2 Carbon Kernel (version 4.4.1), the main security configurations applicable to G-Reg are inherited from the Carbon kernel.

You can find detailed information on how to configure security in G-Reg below.

Configuration: Description
Configuring transport-level security

WSO2 products support a variety of transports that make them capable of receiving and sending messages over a multitude of transport and application-level protocols. By default, most of the WSO2 products come with the HTTP transport. The transport receiver implementation of the HTTP transport is available in Carbon. The transport sender implementation comes from the Tomcat HTTP connector, which is configured in the <AS_HOME>/repository/conf/tomcat/catalina-server.xml file.

Transport-level security configuration also covers how you can protect your system from common attacks on the transport layer. For example, 'Poodle' is a vulnerability in the SSL version 3 protocol, which exposes critical data encrypted between clients and servers. 'Logjam' is a man-in-the-middle attack, which is made possible by weak cipher suites. These vulnerabilities can be avoided by configuring transport-level security.

For more information on securing the HTTP transport, see the topic on configuring transport level security in the WSO2 Carbon documentation.
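As an added example (not code from the WSO2 documentation), the following Python script audits the SSL-enabled Tomcat connectors in a catalina-server.xml file for the two weaknesses mentioned above: SSLv3 left enabled (Poodle) and export-grade or otherwise weak cipher suites (Logjam). It reads the standard Tomcat Connector attributes sslEnabledProtocols and ciphers; the embedded XML is a constructed sample with one exposed and one hardened connector, and its ports and cipher lists are assumptions, not values from the page.

```python
"""Audit Tomcat SSL connectors in catalina-server.xml for Poodle/Logjam exposure."""
import xml.etree.ElementTree as ET

# Protocols that should never be offered (SSLv3 is the one Poodle abuses).
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}
# Substrings that mark weak suites in JSSE cipher names (export-grade suites are
# what Logjam exploits; the others are broken or unauthenticated).
WEAK_CIPHER_MARKERS = ("EXPORT", "NULL", "anon", "RC4", "DES", "MD5")

# Constructed sample: connector 9443 is exposed, connector 9444 is hardened.
SAMPLE_XML = """<Server>
  <Service name="Catalina">
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
               port="9443" scheme="https" secure="true" SSLEnabled="true"
               sslProtocol="TLS"
               sslEnabledProtocols="SSLv3,TLSv1,TLSv1.1,TLSv1.2"
               ciphers="SSL_RSA_EXPORT_WITH_RC4_40_MD5,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"/>
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
               port="9444" scheme="https" secure="true" SSLEnabled="true"
               sslProtocol="TLS"
               sslEnabledProtocols="TLSv1.2"
               ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"/>
  </Service>
</Server>"""


def audit_connectors(xml_text):
    """Return {port: [issue, ...]} for every SSL-enabled Connector element."""
    findings = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing TLS-related to check
        issues = []
        protocols = [p.strip() for p in conn.get("sslEnabledProtocols", "").split(",") if p.strip()]
        if not protocols:
            issues.append("sslEnabledProtocols not set: JVM defaults decide what is offered")
        issues += [f"legacy protocol enabled: {p} (Poodle)" for p in protocols if p in WEAK_PROTOCOLS]
        ciphers = [c.strip() for c in conn.get("ciphers", "").split(",") if c.strip()]
        if not ciphers:
            issues.append("ciphers not set: JVM default cipher list is used")
        for cipher in ciphers:
            hit = next((m for m in WEAK_CIPHER_MARKERS if m in cipher), None)
            if hit:
                issues.append(f"weak cipher suite: {cipher} ({hit})")
        findings[conn.get("port")] = issues
    return findings


if __name__ == "__main__":
    for port, issues in audit_connectors(SAMPLE_XML).items():
        print(port, "OK" if not issues else "; ".join(issues))
```

Point the script at the real file by reading <AS_HOME>/repository/conf/tomcat/catalina-server.xml into audit_connectors instead of SAMPLE_XML; an empty issue list for every connector is the target state.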

Configuring keystores

A keystore is a repository that stores the cryptographic keys and certificates. These artifacts are used for encrypting sensitive information, and establishing trust between your server and outside parties that connect to your server.

All WSO2 products come with a default keystore (wso2carbon.jks). In a production environment, it is recommended to replace it with a new keystore. You can also configure multiple keystores for different purposes.

See the following in the WSO2 Carbon documentation:

Securing sensitive passwords

As a secure vault implementation is available in all WSO2 products, you can encrypt the sensitive data such as passwords in configuration files using the Cipher tool.

See the following in the WSO2 Carbon documentation:

Enabling the Java security manager

See the topic on enabling the Java security manager in the WSO2 Carbon documentation for details on how to prevent untrusted code from manipulating your system.

Securing Web applications

You can use the following prevention filters to mitigate common security attacks when securing your Web applications.