Chapter 6 DXP Security

DXP Security Auditing and Logging Security Checklist

• Ensure that the application logs all security events such as password changes, login failures, administrative activities, role/permission changes, and the like.
• Don’t allow the default framework error messages and stack traces (log messages) to appear in the error pages. Display generic error messages that don’t reveal details about the application framework and technologies.
• Do not log sensitive data in the application log files.
• Secure the log files and restrict access to the log file location.

Chapter Summary

• The DXP security framework defines the key tenets of security concerns that need to be addressed in a DXP application.
• The key elements of the DXP security framework are authentication, authorization, privacy, integrity, nonrepudiation, and confidentiality.
• Authentication validates the user’s identity.
• Privacy ensures that the user’s personal information is protected.
• Authorization provides role-based access to functionality and resources.
• Confidentiality ensures access is granted only to privileged users.
• Integrity ensures that information is not modified during transmission.
• Nonrepudiation ensures that evidence cannot be altered or deleted.
• Layer-wise DXP security includes enforcing security best practices at the infrastructure layer, web server layer, application server layer, database layer, and services layer.
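The four checklist items above map directly onto a small piece of audit-logging code. The example below is added here for illustration and is not from the book or any DXP product: it writes security events as structured JSON to a log file created with owner-only permissions (item 4), strips a constructed list of sensitive field names before anything is written (item 3), and wraps a request handler so the full stack trace goes to the log under a correlation reference while the caller only sees a generic message (item 2). The event names, field names, and the `SENSITIVE_KEYS` set are assumptions chosen for the demonstration.

```python
import json
import logging
import os
import stat
import tempfile
import traceback
import uuid
from datetime import datetime, timezone

# Field names that must never reach the application log (constructed list;
# a real deployment would maintain this alongside its data classification).
SENSITIVE_KEYS = {
    "password", "new_password", "old_password", "token",
    "session_id", "ssn", "card_number",
}


def redact(details: dict) -> dict:
    """Return a copy of details with sensitive values replaced by a marker."""
    return {
        key: ("[REDACTED]" if key.lower() in SENSITIVE_KEYS else value)
        for key, value in details.items()
    }


def open_audit_log(path: str) -> logging.Logger:
    """Create the log file owner read/write only and attach a dedicated logger."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    os.close(fd)
    # os.open's mode is subject to umask, so enforce 0600 explicitly.
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)

    logger = logging.getLogger("dxp.audit." + path)
    logger.setLevel(logging.INFO)
    logger.propagate = False  # keep audit records out of the general app log
    if not logger.handlers:
        handler = logging.FileHandler(path)
        handler.setFormatter(logging.Formatter("%(message)s"))
        logger.addHandler(handler)
    return logger


def audit(logger: logging.Logger, event: str, actor: str, outcome: str, **details) -> dict:
    """Write one security event (login failure, role change, ...) as a JSON line."""
    record = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "event": event,
        "actor": actor,
        "outcome": outcome,
        **redact(details),
    }
    logger.info(json.dumps(record, sort_keys=True))
    return record


def handle_request(logger: logging.Logger, handler, *args):
    """Run a request handler; on failure log the trace internally and return a generic error."""
    try:
        return 200, handler(*args)
    except Exception:
        ref = uuid.uuid4().hex[:12]  # correlation id linking the response to the log entry
        logger.error(json.dumps({
            "ts": datetime.now(timezone.utc).isoformat(),
            "event": "unhandled_error",
            "ref": ref,
            "trace": traceback.format_exc(),
        }))
        # The caller never sees the exception type, framework, or stack trace.
        return 500, {"error": "An unexpected error occurred.", "ref": ref}


def run_demo() -> dict:
    """Exercise the logger on constructed events and return what a reviewer would check."""
    path = os.path.join(tempfile.mkdtemp(), "audit.log")
    log = open_audit_log(path)
    record = audit(log, "login_failure", "alice", "failure",
                   password="hunter2", ip="203.0.113.7")  # constructed sample event
    status, body = handle_request(log, lambda: 1 / 0)      # handler that blows up
    with open(path, encoding="utf-8") as fh:
        log_text = fh.read()
    return {
        "record": record,
        "status": status,
        "body": body,
        "log_text": log_text,
        "mode": stat.S_IMODE(os.stat(path).st_mode),
    }


if __name__ == "__main__":
    result = run_demo()
    print(result["record"])
    print(result["status"], result["body"])
    print(oct(result["mode"]))
```

The audit logger is kept separate from the framework's default logger (`propagate = False`) so that a verbose debug configuration elsewhere cannot accidentally pull password-change or role-change records into a world-readable application log, and the `ref` value in the generic error response is what an operator searches for in the protected log when a user reports a failure.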
