You can customize the security settings on a production instance of PAS for OpenEdge. Some of the settings that you can customize are:
  • manager and host-manager web applications are undeployed by default—The default Tomcat applications that enable remote online administration. In the PAS for OpenEdge Production product, when you create an instance using the -f option, these administration applications are not deployed. These applications are archived in the $CATALINA_HOME/extras directory and can be redeployed to enable their functionality.
  • Replacement of the default Tomcat webapps/ROOT application—The replacement ROOT application specifically supports Progress applications including application security. The Tomcat ROOT application is archived in the $CATALINA_HOME/extras directory.
  • Auto-deployment turned off by default—Prevents the deployment of WAR files that are maliciously or erroneously copied to the instance. If turned on, the instance automatically deploys any new or updated WAR files in its web application directory.
    Note: PAS for OpenEdge automatically extracts WAR files when they are legitimately deployed using PASMAN or standard Tomcat utilities.
  • Shutdown port disabled for UNIX and Windows—The settings that prevents unauthorized stopping of the instance.
    Note: A shutdown port is optional for instances running on UNIX systems. However, you must specify a shutdown port when you create an instance that runs on Windows systems. The PASMAN utility supports specifying shutdown ports with the –s option to the create action.
  • Disabled JMX remote access—The default access setting. PAS for OpenEdge includes JMX and JConsole support for instance management, but the default setting is for local access only.
  • Web crawler filtering enabled—The setting that prevents instances from being overloaded by sessions initiated by web crawlers.
  • UNIX file permissions—The default file permissions are initially only accessible and executable by ROOT users and groups. This is described in About user and file permissions.