7.0
If clients will be connecting through Access Point, you must specify the Access Point addresses in the file
locked.properties. Port 443 is assumed for these addresses. For example:
portalHost.1=access-point-name-1
portalHost.2=access-point-name-2
Do the same if you want to provide access to a Connection Server or security server by a name that is
different from the one that is specified in the External URL.
When this option is enabled, connections to View can be made only to the address given in the external
URL, to the balancedHost address, to any portalHost address, or to localhost.
Other Protection Measures
Besides the Internet Engineering Task Force standards, View employs other measures to protect
communication that uses the HTTP protocol.
Reducing MIME Type Security Risks
By default, View sends the header x-content-type-options: nosniff in its HTTP responses to help prevent
attacks based on MIME-type confusion.
You can disable this feature by adding the following entry to the file locked.properties:
x-content-type-options=OFF
Mitigating Cross-Site Scripting Attacks
By default, View employs the XSS (cross-site scripting) Filter feature to mitigate cross-site scripting attacks
by sending the header x-xss-protection: 1; mode=block in its HTTP responses.
You can disable this feature by adding the following entry to the file locked.properties:
x-xss-protection=OFF
Content Type Checking
By default, View accepts requests with the following declared content types only:
- application/x-www-form-urlencoded
- application/xml
- text/xml
NOTE In earlier releases, this protection was disabled by default.
To restrict the content types that View accepts, add the following entry to the file locked.properties:
acceptContentType.1=content-type
For example:
acceptContentType.1=x-www-form-urlencoded
To accept another content type, add the entry acceptContentType.2=content-type, and so on.
To accept requests with any declared content type, specify acceptContentType=*.
Changing this list does not affect connections to View Administrator.
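The following Python audit is an added example, not VMware code. It reads the body of a locked.properties file and reports which of the protections described above have been switched off, which extra host names are accepted, and which content types are in effect. The sample file contents and the host name view.example.com are constructed, and treating "off" the same as OFF is an assumption.

```python
import re

# Content types the page says are accepted when no entry is set.
DEFAULT_TYPES = ["application/x-www-form-urlencoded", "application/xml", "text/xml"]

# Constructed sample input, not taken from a real server.
SAMPLE = """\
balancedHost=view.example.com
portalHost.1=access-point-name-1
portalHost.2=access-point-name-2
x-content-type-options=OFF
acceptContentType=*
"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, sep, value = line.partition("=")
            if sep:
                props[key.strip()] = value.strip()
    return props

def numbered(props, prefix):
    """Values of prefix.1, prefix.2, ... in numeric order."""
    pattern = re.compile(re.escape(prefix) + r"\.(\d+)$")
    hits = [(pattern.match(k), v) for k, v in props.items()]
    return [v for _, v in sorted((int(m.group(1)), v) for m, v in hits if m)]

def audit(text):
    """Return (findings, extra_hosts, accepted_types) for a locked.properties body."""
    props = parse_properties(text)
    findings = []
    # Assumption: compare OFF case-insensitively so "off" is reported too.
    for header in ("x-content-type-options", "x-xss-protection"):
        if props.get(header, "").upper() == "OFF":
            findings.append(header + " response header disabled")
    accepted = numbered(props, "acceptContentType") or list(DEFAULT_TYPES)
    if props.get("acceptContentType") == "*":
        findings.append("requests with any declared content type accepted")
        accepted = ["*"]
    hosts = numbered(props, "portalHost")
    if "balancedHost" in props:  # key name as it appears on the page
        hosts.insert(0, props["balancedHost"])
    return findings, hosts, accepted

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Every host name in the second element of the result is an address that View will accept connections to, so each one should correspond to a known load balancer or Access Point appliance.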
View Security
VMware, Inc.