Question

3
Replies
99
Views
Sunil.Jha Member since 2015 9 posts
Capgemini Nederland B.V.
Posted: July 7, 2018
Last activity: July 18, 2018
Closed

Securtity concerns for Pega OOTB Service Packages

After installing Pega as descibed, we notice some out of the box service packages are not secure enough in our opinion.
Looking at the service package DownloadWebJS for example, it is missing the "requires authentication flag". Is there a reason to leave the "requires authentication" unchecked?

On the 7.3.1 environment, there is no authentication required for certain Service Packages, which is not correct and not inline with our security policilies. So the Question is, how to set/manage the Authentication Required for Pega OOTB services packages such that it must not be overwritten when you install an new version of an Application?

Need clarification and guidance on how to manage/improve Pega OOTB service packages which are without any "requires authentication flag".

Low-Code App Development Security
Moderation Team has archived post
Share this page LinkedIn