This section will introduce you to the key elements to check regarding security and privacy. Some configurations can only be performed by on-premise customers.
Privacy configuration and hardening is a key element of security optimization. Here are some best practices to follow regarding privacy:
Access management is an important part of security hardening. Here are some of the main best practices:
When developing in Adobe Campaign (workflows, JavaScript, JSSP, etc.), always follow these guidelines:
Scripting: avoid raw SQL statements where the API offers an alternative; when SQL is unavoidable, use parameterized functions rather than string concatenation, and prevent SQL injection by allowing only the SQL functions you actually need (add them to the allowlist).
Secure the data model: use named rights to limit what operators can do, and add system filters (sysFilter) to restrict the data they can read or modify.
Add captchas in web applications: learn how to add captchas in your public landing pages and subscription pages.
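The scripting guideline above, shown side by side as an added example (this is not Adobe's code and not from the Campaign documentation). The table and column names (NmsRecipient, sEmail, iRecipientId) are Campaign's; the `$(sz)` and `$(l)` placeholders follow the convention of Campaign's parameterized SQL functions as I understand it, while the `bindParameters` helper and the `SQL_FUNCTION_ALLOWLIST` set are hypothetical stand-ins written here to make the behaviour visible offline. The untrusted input is constructed.

```javascript
// Added example, not Adobe's code: why string concatenation in a Campaign
// script is injectable, and what a parameter binder and a SQL-function
// allowlist do instead. NmsRecipient/sEmail/iRecipientId are Campaign's
// names; $(sz)/$(l) follow Campaign's placeholder convention as I understand
// it; bindParameters and SQL_FUNCTION_ALLOWLIST are hypothetical stand-ins.

// Constructed untrusted input, as it might arrive from a web form field.
const UNTRUSTED_EMAIL = "x@example.com' OR '1'='1";

// Vulnerable pattern: the caller's text becomes part of the SQL grammar,
// so the quote in the input closes the literal and the OR widens the filter.
function buildQueryByConcatenation(email) {
  return "SELECT sEmail FROM NmsRecipient WHERE sEmail = '" + email + "'";
}

// Hardened pattern: typed placeholders, each value checked and quoted by the
// binder rather than by the script author. $(sz) takes a string, $(l) takes
// an integer; anything else is rejected instead of being pasted in.
function bindParameters(sql, params) {
  let next = 0;
  const bound = sql.replace(/\$\((sz|l)\)/g, (_, type) => {
    if (next >= params.length) throw new Error("missing parameter");
    const value = params[next++];
    if (type === "l") {
      if (!Number.isInteger(value)) throw new Error("$(l) expects an integer");
      return String(value);
    }
    if (typeof value !== "string") throw new Error("$(sz) expects a string");
    // Standard SQL string literal: double every embedded single quote.
    return "'" + value.replace(/'/g, "''") + "'";
  });
  if (next !== params.length) throw new Error("unused parameter");
  return bound;
}

// SQL-function allowlist: only functions you have deliberately approved may
// be named in a generated expression, and the column must be a plain
// identifier, so neither value can smuggle SQL into the statement.
const SQL_FUNCTION_ALLOWLIST = new Set(["Upper", "Lower", "Trim"]);
const IDENTIFIER = /^[A-Za-z_][A-Za-z0-9_]*$/;

function allowedFunctionCall(fnName, column) {
  if (!SQL_FUNCTION_ALLOWLIST.has(fnName)) {
    throw new Error("SQL function not on the allowlist: " + fnName);
  }
  if (!IDENTIFIER.test(column)) throw new Error("invalid column identifier");
  return fnName + "(" + column + ")";
}

// Stand-alone demonstration.
console.log(buildQueryByConcatenation(UNTRUSTED_EMAIL));
// -> SELECT sEmail FROM NmsRecipient WHERE sEmail = 'x@example.com' OR '1'='1'
console.log(bindParameters(
  "SELECT sEmail FROM NmsRecipient WHERE sEmail = $(sz)", [UNTRUSTED_EMAIL]));
// -> SELECT sEmail FROM NmsRecipient WHERE sEmail = 'x@example.com'' OR ''1''=''1'
console.log(allowedFunctionCall("Upper", "sEmail"));
// -> Upper(sEmail)
```

The concatenated statement compares against anything, because the input rewrote the WHERE clause; the bound statement compares against one odd-looking literal and returns nothing. In Campaign the server-side parameterized functions perform the binding, so the point for a script author is simply never to assemble the literal by hand, and to keep the function allowlist as short as the workflow genuinely needs.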
A very important check when deploying an on-premise architecture is the networking configuration.
It is also imperative that you follow the security guidelines of your database engine.
Starting July 14, 2021, any client system that does not support the TLS 1.2 protocol loses access to all Adobe products and services. Ensure that all user and client systems are TLS 1.2 compliant before that date.
Configuration has to be performed on all servers. The configuration files are serverConf.xml and config-<instance>.xml. Here are the key elements that need to be verified:
Security zones: configure security zones so that, when requests arrive through a proxy, they evaluate the address of the real client rather than that of the proxy. Trust a forwarded client address only from a proxy you control, and make sure that proxy overwrites, rather than appends to, any forwarded-for header the client supplies.
File upload protection: limit the types of files that can be uploaded to the Adobe Campaign server with the uploadAllowList attribute in the server configuration file.
Relay: fine-tune the relay configuration by deactivating the relay rules for modules and applications the server does not use.
Outgoing connection protection and command restriction (server-side): restrict the outgoing connections the server may open and the commands it may execute.
You can also add extra HTTP headers and set checkIPConsistent, enableTLS, sessionTimeOutSec, etc. Refer to the Campaign server configuration documentation and the Server configuration file description for more information.
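The first three settings above, as an added illustrative fragment of the server configuration file. This is not a copy of any shipped serverConf.xml and not Adobe's own example: element and attribute names follow Campaign Classic's serverConf.xml as I know it, so confirm them against the Server configuration file description for your version, and treat the extension list and the `/webApp/*` relay path as placeholders to adapt.

```xml
<!-- Added illustrative fragment, not a shipped serverConf.xml.
     Names follow Campaign Classic's server configuration as I know it;
     verify against the Server configuration file description. -->
<serverConf>
  <!-- Security zone reached through a reverse proxy. proxyAccessible="true"
       makes the zone evaluate the forwarded client address instead of the
       proxy's own; set it only on zones that really sit behind a proxy you
       control, and keep HTTP, debug and empty passwords off. -->
  <securityZone name="public" label="Public Network"
                allowHTTP="false" showErrors="false" allowDebug="false"
                allowEmptyPassword="false" allowUserPassword="false"
                sessionTokenOnly="true" proxyAccessible="true">
    <subNetwork name="all" label="All addresses" mask="0.0.0.0/0"/>
  </securityZone>

  <!-- File upload protection: only files whose name matches this
       expression may be uploaded (placeholder list, adapt to your needs). -->
  <dataStore uploadAllowList=".+[.](jpg|jpeg|gif|png|pdf|zip|txt|csv|xlsx|docx)$"/>

  <!-- Relay: block the rule for a module this server does not expose
       (placeholder path; on a server that hosts no web applications). -->
  <relay>
    <url urlPath="/webApp/*" status="blocked"/>
  </relay>
</serverConf>
```

After editing, restart the web server process so the new zone, upload and relay rules are loaded, and check from outside the proxy that a request with a forged forwarded-for header is not treated as coming from an internal subnet.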
Several best practices should be followed when configuring your web-server (Apache/IIS):