AEM 6.0 security checklist | Community
Skip to main content
hari_krishna_s1
Level 2
October 16, 2015
Solved

AEM 6.0 security checklist

  • October 16, 2015
  • 9 replies
  • 1776 views

Hi,

I am referring to followingchecklist. http://docs.adobe.com/docs/en/aem/6-0/administer/security/security-checklist.html 

Navigate to "Remove CRX development bundles" section. Adobe recommends to uninstall the following bundles from author & publish. What is the significance of below bundles? Are these are test bundles?

  • Adobe CRXDE Support (com.day.crx.crxde-support)
  • Adobe Granite CRX Explorer (com.adobe.granite.crx-explorer)
  • Adobe Granite CRXDE Lite (com.adobe.granite.crxde-lite)
This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by joerghoh

@bsloki: Yes, ideally ... when the bundle is uninstalled, it's hard to have a quick look at the repository. So I rather leave it installed. My experience in troubleshooting tells, that this is the first place to go when we need to validate repo settings or check specific nodes or properties.

kind regards,
Jörg

9 replies

joerghoh
Adobe Employee
Adobe Employee
October 16, 2015

Hi Hari,

these are the bundles for the CRX Explorer and CRXDE Lite.

Kind regards,
Jörg

hari_krishna_s1
Level 2
October 16, 2015

Hi Jörg,

Thank you for the quick response. So even if those bundles are uninstalled we should able to see crxde lite, http://<host:port>/crx/explorer urls correct?

joerghoh
Adobe Employee
Adobe Employee
October 16, 2015

Nope, after uninstalling these bundles these URLs are not supposed to work anymore.

(If you still need them on your production environment, you might leave them installed, but then you needto lock down the access to them!)

kind regards,
Jörg

Lokesh_Shivalingaiah
Level 10
October 16, 2015

Hari, if crx explorer bundle is uninstalled, you will not be able to access explore

Lokesh_Shivalingaiah
Level 10
October 16, 2015

Ideally, these are not needed on production systems and hence its mentioned in the security checklist

joerghoh
Adobe Employee
joerghohAdobe EmployeeAccepted solution
Adobe Employee
October 16, 2015

@bsloki: Yes, ideally ... when the bundle is uninstalled, it's hard to have a quick look at the repository. So I rather leave it installed. My experience in troubleshooting tells, that this is the first place to go when we need to validate repo settings or check specific nodes or properties.

kind regards,
Jörg

hari_krishna_s1
Level 2
October 16, 2015

Yes. Crxde lite will be helpful to debug many issues. I will keep the bundle installed and will remove read access to authors on crxde lite (in libs folder). 

Lokesh_Shivalingaiah
Level 10
October 16, 2015

Thats true @Jorg !! but we can keep the explorer if needed and crxde aswell but need to be careful on the content accessible on the crxde.

Lokesh_Shivalingaiah
Level 10
October 16, 2015

yes.. that would make sense...