Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Security page in Report Server docs #199

Open
ighristov opened this issue Sep 4, 2024 · 0 comments
Open

Add Security page in Report Server docs #199

ighristov opened this issue Sep 4, 2024 · 0 comments
Assignees
@todorarabadzhiev
Labels
security

Comments

@ighristov
Copy link
Collaborator

ighristov commented Sep 4, 2024
edited by todorarabadzhiev
Loading

Create a documentation page that will enumerate the recommended security settings for Report Server installations.

Populate the list below with more topics:

  • HTTPS installation (bindings, certificate)
  • user with lowered permissions in IIS and web service.
  • CORS settings in RS config - disable it, if possible. Enable only for trusted hosts.
  • Data connections should not contain credentials. The identity used to connect to the database should be with limited permissions.
  • use rate limiter
  • user administration policy to enforce security
  • list encrypted assets and restrict permissions for the rest of the RS assets if necessary
  • link to Reporting Security article
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@todorarabadzhiev todorarabadzhiev

Labels
security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ighristov @todorarabadzhiev