Advanced Security options

Hiding error stacks

By default, the DSS backend sends backend error stacks to logged-in users. This makes debugging and understanding easier.

This behavior can be disabled in the following way:

  • Stop DSS
DATADIR/bin/dss stop
  • Edit the DATADIR/config/general-settings.json file
  • Locate the "security" top-level key in the JSON file. If it does not exist, create it as an empty JSON object
  • Within "security", add or edit the following key: "hideErrorStacks": true
  • Start DSS
DATADIR/bin/dss start

Hiding version info

By default, the DSS backend sends DSS version information, even to users who are not logged in.

This behavior can be disabled in the following way:

  • Stop DSS
DATADIR/bin/dss stop
  • Edit the DATADIR/config/general-settings.json file
  • Locate the "security" top-level key in the JSON file. If it does not exist, create it as an empty JSON object
  • Within "security", add or edit the following key: "hideVersionStringsWhenNotLogged": true
  • Start DSS
DATADIR/bin/dss start

Using secure cookies

By default, DSS login cookies do not carry the Secure flag (which would make them unusable over non-secured HTTP connections).

If you configure DSS to use HTTPS for all users, either natively or through a reverse proxy, you can enable the use of secure cookies. This further secures user connections by ensuring the browser never sends the session cookie over an unsecured connection.

  • Stop DSS
DATADIR/bin/dss stop
  • Edit the DATADIR/config/general-settings.json file
  • Locate the "security" top-level key in the JSON file. If it does not exist, create it as an empty JSON object
  • Within "security", add or edit the following key: "secureCookies": true
  • Start DSS
DATADIR/bin/dss start
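The three procedures above all edit the same "security" object in general-settings.json. The following script is an added example (not part of DSS or its documentation) that applies all three keys in one pass: it creates the "security" object when it is missing, keeps any keys already in it, and only enables "secureCookies" when the caller confirms that every user reaches DSS over HTTPS, since otherwise browsers would discard the session cookie and logins would fail. DATADIR is a placeholder for the real data directory, and the script assumes DSS has already been stopped.

```python
import copy
import json
from pathlib import Path

# Keys documented above, with the value that enables each hardening option.
SECURITY_HARDENING = {
    "hideErrorStacks": True,                  # stop sending backend stack traces to users
    "hideVersionStringsWhenNotLogged": True,  # stop exposing the DSS version to anonymous users
    "secureCookies": True,                    # only safe once all traffic is HTTPS
}


def harden_security_settings(settings: dict, *, https_everywhere: bool) -> dict:
    """Return a copy of a general-settings.json document with the security keys set.

    The "security" object is created if absent; keys already in it are preserved.
    "secureCookies" is skipped unless https_everywhere is True, because the Secure
    flag makes the cookie unusable over plain HTTP.
    """
    updated = copy.deepcopy(settings)  # leave the caller's document untouched
    security = updated.setdefault("security", {})
    if not isinstance(security, dict):
        raise ValueError('"security" must be a JSON object')
    for key, value in SECURITY_HARDENING.items():
        if key == "secureCookies" and not https_everywhere:
            continue
        security[key] = value
    return updated


def harden_settings_file(path: Path, *, https_everywhere: bool) -> dict:
    """Rewrite general-settings.json in place and return the new document."""
    settings = json.loads(path.read_text(encoding="utf-8"))
    updated = harden_security_settings(settings, https_everywhere=https_everywhere)
    path.write_text(json.dumps(updated, indent=2) + "\n", encoding="utf-8")
    return updated


if __name__ == "__main__":
    # Placeholder path: substitute the actual DSS data directory.
    config = Path("DATADIR/config/general-settings.json")
    harden_settings_file(config, https_everywhere=True)
```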

Example general-settings.json file

With the previous options enabled, your general-settings.json could look like:

{
  "udr": true,
  "proxySettings": {
    "port": 0
  },
  "mailSettings": {},
  "maxRunningActivitiesPerJob": 5,
  "maxRunningActivities": 5,
  "ldapSettings": {
    "enabled": false,
    "useTls": false,
    "userFilter": "(\u0026(objectClass\u003dposixAccount)(uid\u003d{USERNAME}))",
    "displayNameAttribute": "cn",
    "emailAttribute": "mail",
    "enableGroups": true,
    "groupFilter": "(\u0026(objectClass\u003dposixGroup)(memberUid\u003d{USERNAME}))",
    "groupNameAttribute": "cn",
    "autoImportUsers": true
  },
  "computablesAvailabilityMode": "EXPOSED_ONLY",
  "globalCrossProjectBuildBehaviour": "STOP_AT_BOUNDARIES",
  "noLoginMode": false,
  "sessionsMaxTotalTimeHours": 0,
  "sessionsMaxIdleTimeHours": 0,
  "security": {
    "hideVersionStringsWhenNotLogged": true,
    "hideErrorStacks": true,
    "secureCookies": true
  }
}