Security/Collab: Difference between revisions

(Perhaps the start of a pseudo faq?)
(→‎Odds and Ends: add note on OS patches)
Line 13: Line 13:
Here are a few questions that come up from time to time...
Here are a few questions that come up from time to time...


* The ZM_TEST cookie is not setting the HttpOnly attribute, is this a problem?
===  An OS Patch/Bug/Vulnerability was announced, is Zimbra affected? ===
** The ZM_TEST cookie in ZCS is used solely to determine if cookies are enabled a the browser.  There are no privileges associated with that cookie.  As such, there is no inherent risk with not having an HttpOnly attribute on this cookie.
Best practice dictates that you '''always stay up to date with vendor provided OS patches'''.  Also, be sure to follow OS recommended best practices when applying patches (e.g. restarting affected services, tools like '''needs-restarting''', '''needrestart''' and '''checkrestart''' may be helpful when trying to understand which processes are using files that were replaced by a patch). When in doubt about the status of a system after a patch, go ahead and '''reboot''' to ensure the patches take effect.
 
=== The ZM_TEST cookie does not set the HttpOnly attribute, is this a problem? ===
The ZM_TEST cookie in ZCS is used solely to determine if cookies are enabled a the browser.  There are no privileges associated with that cookie.  As such, there is no inherent risk with not having an HttpOnly attribute on this cookie.
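Review bot: the relocated ZM_TEST answer under "=== The ZM_TEST cookie does not set the HttpOnly attribute, is this a problem? ===" still reads "enabled a the browser", carried over unchanged from the old bullet; change it to "enabled in the browser" while the text is being moved. The new OS-patch heading is also written "===  An OS Patch/..." with two spaces after the opening "===", whereas the ZM_TEST heading uses one; use a single space in both for consistency.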

Revision as of 14:32, 18 February 2016

Security Pointers and Tidbits

The main jumping point for security is the Security Center.

Release Specific Settings

Odds and Ends

Here are a few questions that come up from time to time...

An OS Patch/Bug/Vulnerability was announced, is Zimbra affected?

Best practice dictates that you always stay up to date with vendor-provided OS patches. Also follow the OS vendor's recommended practices when applying patches, such as restarting affected services; tools like needs-restarting, needrestart and checkrestart may help you understand which processes are still using files that were replaced by a patch. When in doubt about the status of a system after a patch, go ahead and reboot to ensure the patches take effect.
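One way to see the condition that paragraph describes, a process still running code from a file that a patch replaced, is to look for executable mappings of deleted files in /proc. This is an added example, not part of the Zimbra wiki and not the code of needs-restarting, needrestart or checkrestart; the function names, the exclusion list and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed for illustration.

# stale_mappings: read /proc/<pid>/maps-format text on stdin and print each
# file that is mapped executable but has been unlinked from disk, which is the
# state a running process is left in when a patch replaces a library or binary.
# Non-executable mappings and shared-memory/temp objects are skipped because
# deleted data files are routine and do not indicate unpatched code.
stale_mappings() {
    awk '
        $2 ~ /x/ && $NF == "(deleted)" &&
        $6 ~ /^\// && $6 !~ /^\/(dev\/|SYSV|memfd:|tmp\/)/ {
            path = $6
            for (i = 7; i < NF; i++) path = path " " $i  # rejoin paths with spaces
            if (!seen[path]++) print path
        }'
}

# scan_proc: run stale_mappings over every process whose maps file is readable
# (root sees all of them) and print "pid<TAB>command<TAB>stale file".
scan_proc() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}
        pid=${pid%/maps}
        comm=$(cat "/proc/$pid/comm" 2>/dev/null) || continue  # process exited
        cat "$maps" 2>/dev/null | stale_mappings |
            while IFS= read -r path; do
                printf '%s\t%s\t%s\n' "$pid" "$comm" "$path"
            done
    done
}

# Constructed sample in /proc/<pid>/maps format (not taken from a real host).
SAMPLE_MAPS='7f1c2a000000-7f1c2a1c0000 r-xp 00000000 fd:01 131090 /usr/lib64/libssl.so.10 (deleted)
7f1c2a3c0000-7f1c2a3d0000 rw-p 001c0000 fd:01 131090 /usr/lib64/libssl.so.10 (deleted)
7f1c2b000000-7f1c2b1b0000 r-xp 00000000 fd:01 131201 /usr/lib64/libc-2.17.so
7f1c2c000000-7f1c2c001000 rwxs 00000000 00:04 32769 /SYSV00000000 (deleted)
7f1c2d000000-7f1c2d002000 r-xp 00000000 00:05 4711 /memfd:jit (deleted)
7f1c2e000000-7f1c2e010000 r-xp 00000000 fd:01 140022 /opt/example app/lib/libdemo.so (deleted)'

# "sample" parses the embedded lines; "scan" inspects the live system.
case "${1:-}" in
    sample) printf '%s\n' "$SAMPLE_MAPS" | stale_mappings ;;
    scan)   scan_proc ;;
esac
```

Any line printed by `scan` names a process still executing code from a file that has since been replaced, so that service needs a restart. Kernel updates are not visible to this check and still require a reboot.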

The ZM_TEST cookie does not set the HttpOnly attribute, is this a problem?

The ZM_TEST cookie in ZCS is used solely to determine if cookies are enabled in the browser. There are no privileges associated with that cookie. As such, there is no inherent risk with not having an HttpOnly attribute on this cookie.
