[keycloak-dev] security headers/realm attributes
Bill Burke
bburke at redhat.com
Mon Aug 11 11:19:26 EDT 2014
I'm going to add realm attributes to the JPA model and move some stuff there
(brute force settings, for example).
Also, I'm going to add a new menu item "Attack Prevention" (if you can
think of a better name, let me know). Under this I'll move "Brute Force
Protection". Eventually we'll probably put IP Filtering there. Also,
I will add "Security Headers". Under this, you will be able to manually
set these headers:
https://www.owasp.org/index.php/List_of_useful_HTTP_headers
By default, iframe will use a same origin policy.
Some of these headers are quite complex (Content-Security-Policy), so it
might be easiest to just allow the user to set the header manually.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
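
An added illustration, not part of the original message and not Keycloak code: one way manually set headers stored as realm attributes could be merged over a same-origin framing default, rejecting values that contain CR/LF or other control characters so a free-text field cannot split the response. The attribute prefix, class and method names, and the rule that a blank value disables a header are assumptions.

```java
import java.util.Map;
import java.util.TreeMap;

// Hypothetical helper, not Keycloak code. The attribute prefix, class and
// method names are assumptions made for this illustration.
public class RealmSecurityHeaders {
    static final String PREFIX = "securityHeader.";

    // Header names are case-insensitive, so "x-frame-options" must replace the default.
    static Map<String, String> defaults() {
        Map<String, String> d = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        d.put("X-Frame-Options", "SAMEORIGIN"); // same-origin framing by default
        return d;
    }

    static Map<String, String> resolve(Map<String, String> realmAttributes) {
        Map<String, String> headers = defaults();
        for (Map.Entry<String, String> e : realmAttributes.entrySet()) {
            if (!e.getKey().startsWith(PREFIX)) continue; // unrelated realm attribute
            String name = e.getKey().substring(PREFIX.length());
            String value = e.getValue();
            if (!name.matches("[A-Za-z0-9-]+"))
                throw new IllegalArgumentException("invalid header name: " + name);
            if (value == null || value.trim().isEmpty()) { // assumption: blank disables the header
                headers.remove(name);
                continue;
            }
            for (char c : value.toCharArray())
                if ((c < 0x20 && c != '\t') || c == 0x7f) // CR, LF and other controls
                    throw new IllegalArgumentException("control character in " + name);
            headers.put(name, value.trim());
        }
        return headers;
    }

    public static void main(String[] args) {
        Map<String, String> attrs = new TreeMap<>(); // constructed sample realm attributes
        attrs.put("bruteForceProtected", "true");
        attrs.put(PREFIX + "Content-Security-Policy", "frame-src 'self'; object-src 'none'");
        attrs.put(PREFIX + "x-frame-options", "DENY");
        System.out.println(resolve(attrs));

        attrs.put(PREFIX + "X-Content-Type-Options", "nosniff\r\nX-Injected: 1");
        try {
            resolve(attrs);
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```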