Re: [keycloak-dev] security headers/realm attributes
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Monday, 11 August, 2014 4:19:26 PM
Subject: [keycloak-dev] security headers/realm attributes
I'm going to add realm attributes to JPA model and move some stuff there
(brute force settings for example)
Also, I'm going to add a new menu item "Attack Prevention" (if you can
think of a better name, let me know). Under this I'll move "Brute Force
Protection". Eventually we'll probably put IP Filtering there. Also,
will add a "Security Headers". Under this will allow you to manually
set these headers:
"Intrusion prevention"?
BTW the number of tabs on realm settings makes it span multiple rows if social is enabled
https://www.owasp.org/index.php/List_of_useful_HTTP_headers
By default, iframe will use a same origin policy.
Some of these headers are quite complex (Content-Security-Policy), so it
might be easiest to just allow the user to set the header manually.
For 1.0.final that's probably best, but for the future I think we should figure this
out so users doesn't have to ;)
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev