2.1 Vendor-specific security information

When securing your operating system, carefully consider implementing the measures described by your operating system vendor, including these:

• Defining and controlling users, roles, and privileges

• Monitoring logs and audit trails

• Removing unnecessary services and applications

• Backing up files

For security information about operating systems that LiveCycle supports, see the resources in the this table.

When securing your application server, you should carefully consider implementing the measures described by your server vendor, including these:

• Using non-obvious administrator user name

• Disabling unnecessary services

• Securing the console manager

• Enabling secure cookies

• Closing unneeded ports

• Limiting clients by IP addresses or domains

• Using the Java™ Security Manager to programmatically restrict privileges

For security information about application servers that LiveCycle supports, see the resources in this table.

When securing your database, you should consider implementing the measures described by your database vendor, including these:

• Restricting operations with access control lists (ACLs)

• Using non-standard ports

• Hiding the database behind a firewall

• Encrypting sensitive data before writing it to the database (see the database manufacturer’s documentation)

For security information about databases that LiveCycle supports, see the resources in this table.

This table describes the default ports that are required to be open during your LiveCycle configuration process. If you are connecting over https, adjust your port information and IP addresses accordingly. For more information about configuring ports, see the Installing and Deploying LiveCycle document for your application server.

JBoss Application Server uses 8080 as the default HTTP port. JBoss also has pre-configured ports 8180, 8280, and 8380, which are commented out in the jboss-service.xml file. If you have an application on your computer that already uses this port, change the port that LiveCycle uses by following these steps:

1. Open the jboss-service.xml file in an editor.

   JBoss turnkey install: [JBoss root]/server/lc_turnkey/conf/

   JBoss manual install: [appserver root]/server/all/conf/

2. Locate and uncomment the following mbean:

   <mbean code="org.jboss.services.binding.ServiceBindingManager"

   name="jboss.system:service=ServiceBindingManager">

   <attribute name="ServerName">ports-01</attribute>

   <attribute name="StoreURL">${jboss.home.url}/docs/examples/binding-manager/sample-bindings.xml</attribute>

   <attribute name="StoreFactoryClassName">

   org.jboss.services.binding.XMLServicesStoreFactory

   </attribute>

   </mbean>

3. Save and close the file.

4. Restart JBoss.

JBoss is now configured to use port 8180. If you need to use either 8280 or 8380, modify the ServerName attribute value to use one of the following alternative ports:

• For 8280: ports-02

• For 8380: ports-03

If you need to configure a port number other than those pre-configured for JBoss, perform the following steps:

1. Locate and open the deploy/jboss-web.deployer file in [JBoss root] (turnkey) or [appserver root] (JBoss manual install).

2. Locate and uncomment the mbean from step 2 above.

3. Modify the ServerName value to the port number to use.

4. Save and close the file.

5. Restart JBoss.