[keycloak-dev] security headers/realm attributes

Stian Thorgersen stian at redhat.com
Mon Aug 11 11:33:33 EDT 2014
----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Monday, 11 August, 2014 4:19:26 PM
> Subject: [keycloak-dev] security headers/realm attributes
> 
> I'm going to add realm attributes to JPA model and move some stuff there
> (brute force settings for example)
> 
> Also, I'm going to add a new menu item "Attack Prevention" (if you can
> think of a better name, let me know).  Under this I'll move "Brute Force
> Protection".  Eventually we'll probably put IP Filtering there.  Also,
> I will add a "Security Headers" item.  Under this you will be able to manually
> set these headers:

"Intrusion prevention"?

BTW the number of tabs on realm settings makes it span multiple rows if social is enabled.

> 
> https://www.owasp.org/index.php/List_of_useful_HTTP_headers
> 
> By default, iframe will use a same origin policy.
> 
> Some of these headers are quite complex (Content-Security-Policy), so it
> might be easiest to just allow the user to set the header manually.

For 1.0.final that's probably best, but for the future I think we should figure this out so users don't have to ;)

> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
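One way to model the proposal discussed above in code, with the security headers stored as realm attributes, a same-origin framing default, and values an admin sets by hand. This is an added example, not Keycloak's own code; the realm-attribute key names are assumptions, since the thread does not name them.

```python
# Added example (not Keycloak code): derive a realm's HTTP security headers
# from its attribute map, as the thread proposes.
from typing import Dict

# Hypothetical attribute keys; the real Keycloak names are not given in the thread.
HEADER_ATTRIBUTES = {
    "security.header.x-frame-options": "X-Frame-Options",
    "security.header.content-security-policy": "Content-Security-Policy",
    "security.header.x-content-type-options": "X-Content-Type-Options",
}

# Defaults used when no attribute is set: framing is restricted to the same origin.
DEFAULTS = {
    "X-Frame-Options": "SAMEORIGIN",
    "Content-Security-Policy": "frame-ancestors 'self'",
}


def validate_header_value(value: str) -> str:
    """Reject CR/LF so a manually entered value cannot smuggle extra headers."""
    if "\r" in value or "\n" in value:
        raise ValueError("header value must be a single line")
    return value.strip()


def security_headers(realm_attributes: Dict[str, str]) -> Dict[str, str]:
    """Build the response headers for a realm from its attribute map.

    A present but empty attribute removes the header entirely, so an admin can
    disable a default; any other value overrides it verbatim.
    """
    headers = dict(DEFAULTS)
    for attr, header in HEADER_ATTRIBUTES.items():
        if attr not in realm_attributes:
            continue
        value = validate_header_value(realm_attributes[attr])
        if value:
            headers[header] = value
        else:
            headers.pop(header, None)
    return headers


if __name__ == "__main__":
    # Constructed sample realm: CSP set by hand, the rest left at the defaults.
    realm = {"security.header.content-security-policy": "frame-ancestors https://app.example.com"}
    for name, value in security_headers(realm).items():
        print(f"{name}: {value}")
```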