SAP / luigi

Micro frontend framework
https://luigi-project.io
Apache License 2.0
825 stars 170 forks

Provide development guidelines for microfrontend developers #39

Closed kwiatekus closed 5 years ago

kwiatekus commented 5 years ago

Description

Development of microfrontends requires a reasonable level of security awareness and some specific knowledge about the specific system features in order to be performed securely.

Risk

A security vulnerability in the frontend could compromise whole application security or affect customer devices (which could be leveraged to perform more sophisticated attacks using affected customer privileges).

Risk accepted on 03/Jul/18 by @gopikannappan

Suggested Remediation

Provide development guidelines, especially for microfrontends, and TLS usage, IdP handling

stale[bot] commented 5 years ago

This issue has been automatically marked as stale due to the lack of recent activity. It will soon be closed if no further activity occurs. Thank you for your contributions.

stale[bot] commented 5 years ago

This issue has been automatically closed due to the lack of recent activity.

stale[bot] commented 5 years ago

This issue has been automatically marked as stale due to the lack of recent activity. It will soon be closed if no further activity occurs. Thank you for your contributions.

stale[bot] commented 5 years ago

This issue has been automatically marked as stale due to the lack of recent activity. It will soon be closed if no further activity occurs. Thank you for your contributions.

jesusreal commented 5 years ago

The following could be part of the guidelines: https://github.com/kyma-project/kyma/blob/master/docs/console/03-03-CR-security-guidelines.md

jesusreal commented 5 years ago

We might want to consider writing documentation in scope of this ticket for what we added here: https://github.com/SAP/luigi/pull/547/files