Expand my Community achievements bar.

Radically easy to access on brand approved content for distribution and omnichannel performant delivery. AEM Assets Content Hub and Dynamic Media with OpenAPI capabilities is now GA.
SOLVED

AEM 6.0 security checklist

Avatar

Level 2

Hi,

I am referring to followingchecklist. http://docs.adobe.com/docs/en/aem/6-0/administer/security/security-checklist.html 

Navigate to "Remove CRX development bundles" section. Adobe recommends to uninstall the following bundles from author & publish. What is the significance of below bundles? Are these are test bundles?

  • Adobe CRXDE Support (com.day.crx.crxde-support)
  • Adobe Granite CRX Explorer (com.adobe.granite.crx-explorer)
  • Adobe Granite CRXDE Lite (com.adobe.granite.crxde-lite)
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

@bsloki: Yes, ideally ... when the bundle is uninstalled, it's hard to have a quick look at the repository. So I rather leave it installed. My experience in troubleshooting tells, that this is the first place to go when we need to validate repo settings or check specific nodes or properties.

kind regards,
Jörg

View solution in original post

9 Replies

Avatar

Employee Advisor

Hi Hari,

these are the bundles for the CRX Explorer and CRXDE Lite.

Kind regards,
Jörg

Avatar

Level 2

Hi Jörg,

Thank you for the quick response. So even if those bundles are uninstalled we should able to see crxde lite, http://<host:port>/crx/explorer urls correct?

Avatar

Employee Advisor

Nope, after uninstalling these bundles these URLs are not supposed to work anymore.

(If you still need them on your production environment, you might leave them installed, but then you needto lock down the access to them!)

kind regards,
Jörg

Avatar

Level 10

Hari, if crx explorer bundle is uninstalled, you will not be able to access explore

Avatar

Level 10

Ideally, these are not needed on production systems and hence its mentioned in the security checklist

Avatar

Correct answer by
Employee Advisor

@bsloki: Yes, ideally ... when the bundle is uninstalled, it's hard to have a quick look at the repository. So I rather leave it installed. My experience in troubleshooting tells, that this is the first place to go when we need to validate repo settings or check specific nodes or properties.

kind regards,
Jörg

Avatar

Level 2

Yes. Crxde lite will be helpful to debug many issues. I will keep the bundle installed and will remove read access to authors on crxde lite (in libs folder). 

Avatar

Level 10

Thats true @Jorg !! but we can keep the explorer if needed and crxde aswell but need to be careful on the content accessible on the crxde.