Filesystem security¶

Filesystem access control¶

Security is improved by ensuring that files which contain sensitive information or data are appropriately access-controlled at a filesystem level, for example, use of the chmod 600 <file_name> command.

Warning

It would be easier to create a specific account for AP-Portal and restrict access to that account’s directory solely to that account (rather than, for example, also allowing group or unrestricted access).

`JASYPT` file content encryption¶

See Property file {de,en}cryption.

This risk is avoided if there is suitable Filesystem access control.

Log files¶

With log levels of debug or trace the log files may contain a large amount of data, some of which may be sensitive so it is advised that under normal operation a log level of at least info is used.