Hardening Image Access on AwareIM

JWeber

Hi All,

we are trying to harden the access to images in our AwareIM environment.

The reason for doing this is because we have sensitive data stored in our images, like Drivers Licenses / Passport details / and other types of Licences.

We understand AwareIM doesn't provide any security to images out of the box... and we are looking for alternatives how to do this.

1st Option was trying to harden Tomcat using things like:

<security-role>
<role-name>manager</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>management pages</web-resource-name>
<url-pattern>/secure/*</url-pattern>
<url-pattern>/mixed/secure3.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>

The problem of using this type of approach is, the Authentication Mechanism interfere with AwareIM built in Authentication.

Anyone has any idea?

PointsWell

Not sure if you are external facing or not but I found changin the name of the manager app reduced casual drive by attempts. It's ibsfuscation rather than security though

Tomcat Hardening>