Security Hardening
CCC includes built-in security hardening to strengthen protection against common web application and authentication-related risks. Recent changes focus on improving validation of REST API requests and tightening controls around authentication redirects. These measures are enforced internally and are enabled by default.
REST API Endpoint Hardening
CCC validates and sanitizes REST API request paths to ensure that only supported application resources can be accessed. Requests that attempt to reference resources outside the intended application context are automatically rejected. This validation applies uniformly across CCC REST API endpoints and does not affect valid or supported requests.
Authentication Redirect Validation
CCC uses Keycloak for user authentication and enforces strict validation of redirect destinations during the login process to prevent unauthorized redirection, token leakage, and phishing attacks. This behavior is controlled by the RESTRICT_HOSTNAME configuration flag. When set to Y (recommended), CCC enforces redirect validation and permits only explicitly approved and trusted redirect destinations. When set to N, redirect hostname validation is disabled, which reduces protection against redirect-based attacks; this setting should be used only in non-hardened or exceptional deployment scenarios.
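As an added illustration that is not CCC's own code, the following Python check shows the kind of allow-list validation that a RESTRICT_HOSTNAME-style flag governs, and why the parsed hostname (not a string prefix) must be compared. The approved host list, the function name, and the set of allowed schemes are assumptions for the example, not CCC configuration.

```python
from urllib.parse import urlsplit

# Constructed example configuration (hypothetical, not CCC settings): the flag
# value from the text and an assumed allow-list of approved redirect hosts.
RESTRICT_HOSTNAME = "Y"
APPROVED_REDIRECT_HOSTS = frozenset({"app.example.com", "portal.example.com"})
ALLOWED_SCHEMES = frozenset({"https"})


def redirect_allowed(redirect_uri: str,
                     restrict_hostname: str = RESTRICT_HOSTNAME,
                     approved_hosts=APPROVED_REDIRECT_HOSTS) -> bool:
    """Return True only if redirect_uri may be used as a post-login destination."""
    if restrict_hostname.upper() != "Y":
        # RESTRICT_HOSTNAME=N: validation disabled, every destination accepted.
        return True
    # Reject control characters and backslashes before parsing: browsers treat
    # "\" like "/" and CR/LF can split headers, so such input is never a
    # legitimate redirect target.
    if any(ord(ch) < 0x20 for ch in redirect_uri) or "\\" in redirect_uri:
        return False
    parts = urlsplit(redirect_uri)
    # A destination with neither scheme nor host stays on the current origin;
    # allow it only as a plain absolute path (a protocol-relative "//host"
    # form carries a netloc and falls through to the checks below).
    if not parts.scheme and not parts.netloc:
        return redirect_uri.startswith("/") and not redirect_uri.startswith("//")
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    # Compare the parsed hostname (userinfo and port stripped, lower-cased), so
    # https://app.example.com@evil.example/ resolves to evil.example and a
    # lookalike such as app.example.com.evil.example is not matched by prefix.
    host = (parts.hostname or "").rstrip(".").lower()
    return host in approved_hosts
```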
Enforcement Behavior
The security controls described on this page are enforced by default and do not require additional configuration. They are applied transparently during normal operation and do not introduce changes to supported workflows or deployment models.
Scope of Hardening
These hardening measures apply to CCC and are implemented as part of its security maintenance. They are designed to reduce the risk of unauthorized resource access and authentication misuse without changing normal system operation or expected functionality. These measures complement CCC’s broader security capabilities, including federated authentication and multi-factor authentication (MFA), which are configured in accordance with customer identity and access management policies.