Security and Privacy

Prio 2 Application Security

open

  • Avoid DoS Attacks

    • The Sling, CQ and dispatcher concept is very vulnerable to DoS attacks by default

    • Think about a generic concept that allows only the selectors and suffixes "allowed" by the application (e.g. via regexp patterns)

    • Be compatible with URL fingerprinting concepts of HTML library manager
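
A sketch of such an allowlist check, added here as an example and not part of the original page or of Sling/CQ itself. The policy entries, the fingerprint selector shape and the simplified URL decomposition (resource path ends at the first dot) are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed per-application policy: for each extension, one regex that the
# whole selector string must match and one that the suffix must match.
POLICY = {
    "html": {"selectors": re.compile(r"|print|mobile"),
             "suffix": re.compile(r"")},
    "json": {"selectors": re.compile(r"|teaser"),
             "suffix": re.compile(r"|/[a-z0-9-]{1,32}")},
    # Hypothetical fingerprint shape: optional "min" plus a 32-hex-digit hash,
    # so fingerprinted client library URLs keep working.
    "js": {"selectors": re.compile(r"(?:min\.)?[0-9a-f]{32}|min|"),
           "suffix": re.compile(r"")},
}

def decompose(url):
    """Split a URL path into (resource_path, selectors, extension, suffix).

    Simplification: the resource path ends at the first dot. Real Sling
    resolves the longest existing resource path against the repository.
    """
    path = urlsplit(url).path
    dot = path.find(".")
    if dot == -1:
        return path, "", "", ""
    resource, rest = path[:dot], path[dot + 1:]
    slash = rest.find("/")
    if slash == -1:
        names, suffix = rest, ""
    else:
        names, suffix = rest[:slash], rest[slash:]
    selectors, _, extension = names.rpartition(".")
    return resource, selectors, extension, suffix

def is_allowed(url):
    """True only if the extension is known and selectors and suffix both match."""
    _, selectors, extension, suffix = decompose(url)
    rule = POLICY.get(extension)
    if rule is None:
        return False  # unknown or missing extension: reject by default
    return bool(rule["selectors"].fullmatch(selectors)
                and rule["suffix"].fullmatch(suffix))
```
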

Prio 2 Cookie Policies

open

  • Allow suppression of "non-technical" cookies by users / cookie warnings

  • Research the capabilities of the new built-in Cookie Management features of CQ6 first