Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Frevvoproduct
 connectors installed on-premise should only be accessible to the frevvo server i.e. http://localhost:8983/, and server and should not be remotely accessible. Most customers don’t allow external http  
Frevvoproduct
 recommends only allowing HTTPS access to a the server (only httpsnot external HTTP access). Since the connector(s) is not exposed over httpsHTTPS, remote code execution vulnerability can be mitigated (a remote attacker cannot exploit this vulnerability as it is not exposed). Another option to enhance connector security is to block  

If you choose to allow external access to port 8983, for example using firewall rules.HTTP, you should only allow requests with paths starting with /frevvo for port 8082 (or the port you are using for

Frevvoproduct
 and the Connector(s)). 

See also Database Connector Security.

...