Open
Description
DX BU KR: КR4: Public Security Documentation across the products
link to the template used in DX BU: Security Article Draft
Create a documentation page that will enumerate the recommended security settings for Report Server installations.
Populate the list below with more topics:
- HTTPS installation (bindings, certificate)
- user with lowered permissions in IIS and web service.
- CORS settings in RS config - disable it, if possible. Enable only for trusted hosts.
- Data connections should not contain credentials. The identity used to connect to the database should be with limited permissions.
- use rate limiter
- user administration policy to enforce security
- list encrypted assets and restrict permissions for the rest of the RS assets if necessary
- link to Reporting Security article