Tips & Tricks

Hyperon Studio Security Information

There are several ways we distribute Hyperon Studio: as a docker image, in the cloud, as an apache-tomcat zip file, or build a war package. Ensuring that any distributed version is secure is critical. Secured distribution reduces the risk of private information leak out and data theft. This article provides information that may help secure the site and its code and server information from attacks and data theft.

HTTP vs HTTPS

As good security practice, it is required to host any distributed version with an SSL certificate.

SSL certificates are what enable websites to move from HTTP to HTTPS, which is more secure. SSL certificates make SSL/TLS encryption possible, and they contain the website's public key and website's identity.

A website needs an SSL certificate to keep user data secure, verify ownership of the website, prevent attackers from creating a fake version of the site.

War distribution

Besides HTTPS, other rules listed below need to be applied. These rules involve only war package distribution - in other distributions, we have already done it for you:

Custom server error page

Any host server should have configured a custom server error page displayed in any case of server error. This page can prevent information leaks like server version, stack trace, etc.

Preventing slow HTTP attacks

Slow HTTP attacks are denial-of-service(DoS) attacks in which the attacker sends HTTP requests in pieces slowly, one at a time to a Web server. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. When the server’s concurrent connection pool reaches its maximum, this creates a DoS. Slow HTTP attacks are easy to execute because they require only minimal resources from the attacker.

We can reduce this by setting proper values of your server request time out, read timeout, headers limit, body limit, etc.

The deployment directory should not have any execute permission.

Folders and files in the server containing deployment of HyperonStudio should have set proper edit/write permissions to avoid any edition by outsider users. Undesirable editions could lead to inconsistency in server or hyperon data.