Adobe Experience Manager (AEM)

Security

By default, Adobe Experience Manager has pretty much everything enabled. When deploying to production, these items should be checked in addition to other precautions.

  • Change administrative passwords
    • CRX
    • Apache Felix Console
  • Disable WebDav
  • Restrict access using the Dispatcher
  • Check for cross-site scripting (XSS)

More info

http://dev.day.com/docs/en/cq/current/deploying/security_checklist.html

http://dev.day.com/docs/en/cq/current/deploying/dispatcher.html