WSO2 Enterprise Store 1.0.0: security

Question

In WSO2 Enterprise Store 1.0.0 there is a lack of security on some aspects.

For example: several public files contain sensitive data as the location and clear password of keystores:

I'm still trying to figure why these data are needed on client side...

Is there any configuration setting to solve this issue?

score 1 · Answer 1 · answered Jan 29 '14 at 13:25

1

You can solve this issue by adding following URL mapping to the jaggery.conf inside both publisher and store apps.

{
 "url": "/config/*",
 "path": "/"
}

answered Jan 29 '14 at 13:25

udarakr

Should not be the default setting? – mimaen Jan 29 '14 at 19:55
yes, you can find the commit here https://github.com/wso2/enterprise-store/commit/e068416c0a5bec252ac5d949187a685096794eab – udarakr Jan 30 '14 at 12:02

1 Answers1