Expand my Community achievements bar.

Learn about Edge Delivery Services in upcoming GEM session
Register!
SOLVED

AEM 6.0 security checklist

Avatar

Level 2
Level 2
10/15/15 7:27:27 PM

Hi,

I am referring to followingchecklist. http://docs.adobe.com/docs/en/aem/6-0/administer/security/security-checklist.html 

Navigate to "Remove CRX development bundles" section. Adobe recommends to uninstall the following bundles from author & publish. What is the significance of below bundles? Are these are test bundles?

  • Adobe CRXDE Support (com.day.crx.crxde-support)
  • Adobe Granite CRX Explorer (com.adobe.granite.crx-explorer)
  • Adobe Granite CRXDE Lite (com.adobe.granite.crxde-lite)

Views

993

Replies

9
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor
Employee Advisor
10/15/15 7:27:27 PM

@bsloki: Yes, ideally ... when the bundle is uninstalled, it's hard to have a quick look at the repository. So I rather leave it installed. My experience in troubleshooting tells, that this is the first place to go when we need to validate repo settings or check specific nodes or properties.

kind regards,
Jörg

View solution in original post

Views

747

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
9 Replies

Avatar

Employee Advisor
Employee Advisor
10/15/15 7:27:27 PM

Hi Hari,

these are the bundles for the CRX Explorer and CRXDE Lite.

Kind regards,
Jörg

Views

747

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
10/15/15 7:27:27 PM

Hi Jörg,

Thank you for the quick response. So even if those bundles are uninstalled we should able to see crxde lite, http://<host:port>/crx/explorer urls correct?

Views

770

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee Advisor
Employee Advisor
10/15/15 7:27:27 PM

Nope, after uninstalling these bundles these URLs are not supposed to work anymore.

(If you still need them on your production environment, you might leave them installed, but then you needto lock down the access to them!)

kind regards,
Jörg

Views

747

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
10/15/15 7:27:27 PM

Hari, if crx explorer bundle is uninstalled, you will not be able to access explore

Views

747

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
10/15/15 7:27:27 PM

Ideally, these are not needed on production systems and hence its mentioned in the security checklist

Views

747

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Employee Advisor
Employee Advisor
10/15/15 7:27:27 PM

@bsloki: Yes, ideally ... when the bundle is uninstalled, it's hard to have a quick look at the repository. So I rather leave it installed. My experience in troubleshooting tells, that this is the first place to go when we need to validate repo settings or check specific nodes or properties.

kind regards,
Jörg

Views

748

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 2
Level 2
10/15/15 7:27:27 PM

Yes. Crxde lite will be helpful to debug many issues. I will keep the bundle installed and will remove read access to authors on crxde lite (in libs folder). 

Views

769

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
10/15/15 7:27:27 PM

Thats true @Jorg !! but we can keep the explorer if needed and crxde aswell but need to be careful on the content accessible on the crxde.

Views

747

Replies

0
Sign in to like this content

Total Likes

Translate
Translate