Best Practices for Securing Your PTC Arbortext Content Delivery Solution
This section provides basic actions that you can take to secure your PTC Arbortext Content Delivery solution.
This information is provided only to assist you with the secure configuration of PTC Arbortext Content Delivery. PTC does not provide support for any third-party products mentioned in this section, nor is PTC responsible for your security infrastructure.
Best Practice Steps
1. Configure the web server to use HTTPS. HTTPS uses Secure Sockets Layer/Transport Layer Security (SSL/TLS) to protect web application data from unauthorized disclosure and modification while it is transmitted between the browser (client) and the web server.
2. Establish a strong password policy for your PTC Arbortext Content Delivery solution. Strong passwords have the following characteristics:
◦ Have a minimum password length.
◦ Contain uppercase, lowercase, numeric, and special characters.
◦ Do not contain the user name or the name of the organization.
◦ Have an expiration.
◦ Include an account lockout feature after a specified number of login attempts.
3. Change the passwords of default accounts created during data loading. When setting a new password, choose one that meets the strong password characteristics listed in step 2.
4. Remove the following from the PTC Arbortext Content Delivery web-accessible directories on a production server:
◦ Implementation examples
◦ Sample code
◦ API documentation
5. Ensure that directory listing is disabled on your web server.
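The characteristics listed in step 2 can be expressed as a single policy check. The following Python sketch is an added example, not PTC code and not part of PTC Arbortext Content Delivery; the class name, the threshold values (12 characters, 90 days, 5 attempts) and the sample inputs are assumptions, since this section does not specify them.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class PasswordPolicy:
    # Assumed thresholds; the source section gives no concrete values.
    min_length: int = 12
    max_age: timedelta = timedelta(days=90)
    max_failed_logins: int = 5

    def violations(self, password, username, organization):
        """Return the step 2 characteristics that the password fails."""
        problems = []
        if len(password) < self.min_length:
            problems.append("too short")
        # ASCII character classes; anything that is not an ASCII letter
        # or digit (including whitespace) counts as "special".
        classes = {
            "uppercase": r"[A-Z]",
            "lowercase": r"[a-z]",
            "numeric": r"[0-9]",
            "special": r"[^A-Za-z0-9]",
        }
        for name, pattern in classes.items():
            if not re.search(pattern, password):
                problems.append(f"missing {name} character")
        # Case-insensitive substring match, so "Acme2024!" is caught for "acme".
        lowered = password.lower()
        for label, value in (("user name", username),
                             ("organization name", organization)):
            if value and value.lower() in lowered:
                problems.append(f"contains {label}")
        return problems

    def is_expired(self, last_changed, now):
        """True when the password is older than the allowed maximum age."""
        return now - last_changed > self.max_age

    def is_locked_out(self, failed_logins):
        """True once the number of failed logins reaches the threshold."""
        return failed_logins >= self.max_failed_logins


if __name__ == "__main__":
    policy = PasswordPolicy()
    # Constructed sample inputs.
    print(policy.violations("Acme2024!", "jdoe", "Acme"))
    print(policy.violations("T7#vkq!Lm2@xw9", "jdoe", "Acme"))
    print(policy.is_expired(datetime(2024, 1, 1), datetime(2024, 6, 1)))
```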