span8
span4
span8
span4
Clickjacking, or user interface redress attack, is a technique used by malicious websites to trick a user into divulging confidential information. The target website is embedded in an IFRAME, and then other invisible page elements intercept clicks and keystrokes which the user intends to send to the target website. For more information on clickjacking, please see the following pages:
FME Server by default does not prevent clickjacking, as this may disrupt legitimate uses of the web interface. However, it is straightforward to harden FME Server against this vulnerability, as the FME Server Web Application Server (Tomcat) has a built-in filter to instruct the user's browser to either reject all embedding, or to allow embedding only on pages from the same host. FME Server admins usually become aware of the issue when it is picked up in a security scan.
http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xs... version="3.1">
ClickjackFilterDeny org.apache.catalina.filters.HttpHeaderSecurityFilter antiClickJackingEnabled true ClickjackFilterDeny /*
注意:This will block embedding by任何页面。如果你想allow same-origin embedding, please see the Apache Tomcat documentation oncontainer-supplied filters.
End Client Sessions when Tomcat Restarts
Web Application Server Port Already in Use When Running FME Server
Open SSL Vulnerability with the FME Product Suite
Use a Reverse Proxy with FME Server
Changing FME_INSTANCE_NAME is not altering the name of the FME Engine.
Request times out: Network error between Tomcat and FME Server
FME Server web apps install in 'Program Files (x86)' instead of 'Program Files' (Windows 64)
© 2020 Safe Software Inc |Legal