- Campaign v7 documentation
- Latest updates
- Release Notes
- Get started
- Start with Adobe Campaign
- Privacy
- Profile management
- Import and export data
- Filter data
- Create queries
- Permissions
- Data packages and enumerations
- Connectors
- Create and send messages
- Get started with messages
- Key steps when creating a delivery
- Send emails
- Send SMS
- Send LINE messages
- Send push notifications
- Send direct mail
- Use delivery templates
- Personalize deliveries
- Use seed addresses
- A/B testing
- Services and subscriptions
- Monitor deliveries
- Track messages
- Deliverability management
- Content management module
- Orchestrate marketing campaigns
- Marketing Resource Management
- Distributed marketing
- Response manager
- Design and share reports
- Design web content
- Create online surveys
- Integrate with Adobe Experience Cloud
- Automate with workflows
- Get started with workflows
- Execute a workflow
- Targeting activities
- Flow control activities
- Action activities
- About action activities
- Delivery
- Delivery control
- Continuous delivery
- Recurring delivery
- Cross-channel deliveries
- Local approval
- Data loading (RDBMS)
- Loading (SOAP)
- Data loading (file)
- Content Management
- Data extraction (file)
- SQL code and JavaScript code
- SQL Data Management
- Nlserver module
- Update aggregate
- Event activities
- Use cases
- Monitor workflows
- Advanced management
- Manage Offers
- Transactional Messaging
- Integrate with social media
- Installation and configuration guide
- Architecture principles
- Deployment types
- Security and privacy settings
- Install Campaign (on-premise)
- Deploy Campaign (on-premise)
- Configure Campaign
- Connect to Campaign
- Connect Campaign to external systems
- Configure external accounts
- Configure Federated Data Access
- Get started with Federated Data Access
- Best practices and limitations
- Configuration guidelines
- Configuration steps
- Configure Amazon Redshift
- Configure Azure Synapse
- Configure Google BigQuery
- Configure Hadoop
- Configure Microsoft SQL Server
- Configure Netezza
- Configure Oracle
- Configure PostgreSQL
- Configure SAP HANA
- Configure Snowflake
- Configure Sybase IQ
- Configure Teradata
- Configure Vertica Analytics
- Remote access rights
- Connect to the database
- Create the data schema
- Define data mapping
- Appendices
- Monitoring guide
- Developers guide
- Technotes
- Campaign Control Panel
Security and privacy checklist
This section will introduce you to the key elements to check regarding security and privacy. Some configurations can only be performed by on-premise customers.
Privacy
Privacy configuration and hardening is a key element of security optimization. Here are some best practices to follow regarding privacy:
- Protect your customer PII by using HTTPS instead of HTTP
- Use PII view restriction to protect privacy and prevent data from being misused.
- Make sure that encrypted passwords are restricted.
- Protect the pages that might contain personal information such as mirror pages, web applications, etc.
Access management
Access management is an important part of security hardening. Here are some of the main best practices:
- Create enough security groups
- Check that each operator has the appropriate access rights
- Avoid using the admin operator and avoid having too many operators in the admin group
Scripting and coding guidelines
When developing in Adobe Campaign (workflows, Javascript, JSSP, etc.), always follow these guidelines:
-
Scripting: try to avoid SQL statements, use parameterized functions instead of string concatenation, avoid SQL injection by adding the SQL functions to use to the allowlist.
-
Secure the data model: use named rights to limit operator actions, add system filters (sysFilter)
-
Add captchas in web applications: learn how to add captchas in your public landing pages and subscription pages.
Network, database and SSL/TLS
A very important thing to check when deploying an on-premise type of architecture is the networking configuration.
It is also imperative that you follow your database engine security.
Starting July 14, 2021 any client systems that do not support the TLS 1.2 protocol will lose access to all Adobe products and services. Ensure that all user and client systems are TLS 1.2 compliant before this date. Learn more
Server configuration
Configuration has to be performed on all servers. The configuration files are of the type serverConf.xml and config-<instance>.xml. Here are the key elements that need to be verified:
-
Security zones: Configure security zones so that they directly take into account the IP addresses of clients of a proxy.
-
File upload protection: limit the types of files that can be uploaded to the Adobe Campaign server using a new uploadAllowList attribute. This can be used in the server configuration file.
-
Relay: fine tune the relay configuration by deactivating the relay rules for unused modules/applications.
-
Outgoing connection protection and Command restriction (server-side)
-
You can also add extra HTTP headers, activate checkIPConsistent, enableTLS, sessionTimeOutSec, etc. Refer to the Campaign server configuration documentation and the Server configuration file description for more information.
Web-server configuration
Several best practices should be followed when configuring your web-server (Apache/IIS):
- Disable old SSL version and ciphers
- Remove the TRACE method
- Remove the banner
- Limit query size to prevent important files from being uploaded
Resources
Adobe Account
