security enhancements: implement additional web security features

Several of our customers recently had security audits. During these, the auditors noticed that some security features are not implemented for MidTier, SmartIT/MyIT and RSSO, and that implementing them would increase security.

We asked BMC about their plans to implement these features and they recommended creating an idea so that this subject gets more attention.


So the idea is to implement the following features in the RSSO/MidTier/SmartIT/Digital Workplace applications:


1) httpOnly security flag on cookies; currently only the JSESSION cookie in MidTier has this flag

HTTP cookies - HTTP | MDN


2) SameSite flag (cookie attribute)

Set-Cookie - HTTP | MDN


3) Referrer-Policy Header

Referrer-Policy - HTTP | MDN


4) Content Security Policy Headers (CSP)

Content-Security-Policy - HTTP | MDN

Content Security Policy (CSP) - HTTP | MDN
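To make the four items above checkable during an audit, here is an added example script (not code from BMC or from any of the products named in this idea) that inspects a set of HTTP response headers and reports which of the requested features are missing or weak: HttpOnly and SameSite on every Set-Cookie, a non-leaky Referrer-Policy, and an enforced Content-Security-Policy that actually restricts script sources. The two sample responses at the bottom are constructed for illustration and were not captured from a real deployment; the cookie names in them are assumptions.

```python
"""Audit an HTTP response for HttpOnly, SameSite, Referrer-Policy and CSP."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Finding:
    subject: str  # cookie name or response header name
    issue: str


def parse_set_cookie(value: str) -> Tuple[str, Dict[str, str]]:
    """Split 'name=value; Attr; Attr=val' into (name, {attr_lowercase: val})."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_cookie(set_cookie: str) -> List[Finding]:
    """Items 1 and 2: HttpOnly and SameSite on every cookie the server sets."""
    name, attrs = parse_set_cookie(set_cookie)
    findings = []
    if "httponly" not in attrs:
        findings.append(Finding(name, "missing HttpOnly (readable by script)"))
    if "samesite" not in attrs:
        findings.append(Finding(name, "missing SameSite (browser default applies)"))
    elif attrs["samesite"].lower() == "none" and "secure" not in attrs:
        # Browsers reject SameSite=None unless the cookie is also marked Secure.
        findings.append(Finding(name, "SameSite=None without Secure is rejected"))
    return findings


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """'default-src 'self'; script-src 'self'' -> {directive: [sources]}."""
    directives: Dict[str, List[str]] = {}
    for chunk in policy.split(";"):
        tokens = chunk.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def audit_csp(policy: str) -> List[Finding]:
    """Item 4: the policy must constrain where scripts may load from."""
    directives = parse_csp(policy)
    # script-src falls back to default-src when absent.
    script_sources = directives.get("script-src", directives.get("default-src"))
    if script_sources is None:
        return [Finding("Content-Security-Policy", "no script-src or default-src")]
    weak = {"'unsafe-inline'", "*", "data:", "http:", "https:"}
    found = weak.intersection(s.lower() for s in script_sources)
    if found:
        return [Finding("Content-Security-Policy",
                        "script sources allow " + ", ".join(sorted(found)))]
    return []


def audit_response(headers: List[Tuple[str, str]]) -> List[Finding]:
    """Run all checks over raw (name, value) pairs; Set-Cookie may repeat."""
    by_name: Dict[str, List[str]] = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)
    findings: List[Finding] = []
    for cookie in by_name.get("set-cookie", []):
        findings.extend(audit_cookie(cookie))
    # Item 3: Referrer-Policy present and not one of the values that send the full URL.
    policy = by_name.get("referrer-policy")
    if policy is None:
        findings.append(Finding("Referrer-Policy", "header missing"))
    elif policy[0].strip().lower() in ("unsafe-url", "no-referrer-when-downgrade"):
        findings.append(Finding("Referrer-Policy", f"leaks full URL: {policy[0]}"))
    # Item 4: an enforced CSP, not only a Report-Only one.
    if "content-security-policy" in by_name:
        findings.extend(audit_csp(by_name["content-security-policy"][0]))
    elif "content-security-policy-report-only" in by_name:
        findings.append(Finding("Content-Security-Policy", "only Report-Only, not enforced"))
    else:
        findings.append(Finding("Content-Security-Policy", "header missing"))
    return findings


# Constructed sample responses (cookie names assumed, not captured from a real system).
WEAK_RESPONSE = [
    ("Set-Cookie", "JSESSIONID=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "app_session=xyz; Path=/"),
    ("Referrer-Policy", "unsafe-url"),
    ("Content-Security-Policy-Report-Only", "default-src 'self'"),
]
HARDENED_RESPONSE = [
    ("Set-Cookie", "JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "app_session=xyz; Path=/; Secure; HttpOnly; SameSite=Strict"),
    ("Referrer-Policy", "strict-origin-when-cross-origin"),
    ("Content-Security-Policy", "default-src 'self'; script-src 'self'; object-src 'none'"),
]

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {len(audit_response(resp))} finding(s)")
        for f in audit_response(resp):
            print(f"  {f.subject}: {f.issue}")
```

Running it reports five findings for the weak response (SameSite missing on the session cookie, both flags missing on the second cookie, a leaky Referrer-Policy, and a CSP that is only Report-Only) and none for the hardened one. Feeding it the header pairs from a real response, for example as printed by a browser's developer tools, gives the same list an auditor would otherwise compile by hand.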
