Magnolia Security Best Practices
Magnolia users frequently ask us about our security best practices. While most of the information is available in our documentation, I’d like to provide a summary of the key things you need to know and top resources to consult.
Create automated tasks in your Magnolia project (for example install or update tasks run by your module version handler) so that the basic security configuration is applied on every instance and every deployment, rather than by hand.
Deactivate the default superuser account and change its well-known default password. For administration, create a new account that holds the superuser role and give it a name that isn’t easy to guess.
Run the web server (Tomcat) as a dedicated, unprivileged OS user. That user should have read-only access to the web application and must not be able to run commands or scripts at the OS level, so that an attacker who manages to inject Java code into the application cannot use it to execute commands on the host. Tomcat still needs to write to its own work, temp and log directories and to the repository, so grant write access to exactly those paths and nothing else.
On production instances, block access to Magnolia AdminCentral (served under /.magnolia/) from outside your company network, for example at the reverse proxy or firewall. Use a VPN to reach AdminCentral remotely and securely.
Non-public instances, such as the Magnolia author instance, and non-production instances (development, test, staging) should not be reachable from the public internet either.
This is the default, but verify that the anonymous role is denied access to Magnolia AdminCentral: request the AdminCentral URL of a public instance without logging in and confirm that you are refused rather than shown any content.
When you create interfaces, such as REST endpoints, for your project, set their access rights appropriately: grant access only to the roles that need it and deny everyone else, including the anonymous role, unless the endpoint is intentionally public.
If you expose custom APIs, do not hand out shared username/password combinations to clients. Use tokens issued by an identity provider (IDP), such as Azure, Keycloak or Okta, instead.
Enforce secure passwords. Thomas Baekdal’s article ‘The Usability of Passwords’ covers the subject in depth.
If you use local user accounts in Magnolia, you can attach a custom field validator to the password field to enforce your password rules.
Consider implementing SSO for non-trivial infrastructures so that users are managed in one central place.
If you use SSO and your IDP supports it, enable a password blacklist, so that users cannot choose passwords that are known to be weak or leaked.
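The password rules and the blacklist check above, as an added example in plain Python (not Magnolia’s own code or its validator API): the policy logic that a custom password-field validator would call. The length and distinct-character thresholds, the blocklist contents and the leet-substitution table are assumptions constructed for illustration; a real deployment loads a large list of known-weak and leaked passwords from a file that lives outside the web app.

```python
"""Password-policy check for local accounts (added example, not Magnolia code)."""
from __future__ import annotations

import string
import unicodedata

MIN_LENGTH = 12      # assumed policy: length matters more than character classes
MIN_DISTINCT = 5     # rejects padding such as "aaaaaaaaaaaa"

# Constructed blocklist standing in for a real leaked/weak-password list.
BLOCKLIST = frozenset({
    "password", "passw0rd", "magnolia", "superuser", "welcome1",
    "qwerty123", "letmein", "admin123", "changeme",
})

# Undo common "leet" substitutions so that P@ssw0rd is still recognised as password.
# Heuristic mapping, assumed for this example.
_LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e",
                       "4": "a", "5": "s", "$": "s"})


def _candidates(password: str) -> set[str]:
    """Normalised forms of the password that are compared against the blocklist."""
    low = unicodedata.normalize("NFKC", password).lower()
    bases = {
        low,
        low.rstrip(string.digits),                       # password2024  -> password
        low.rstrip(string.digits + string.punctuation),  # password2024! -> password
    }
    return bases | {b.translate(_LEET) for b in bases}


def check_password(password: str, username: str = "") -> list[str]:
    """Return all policy violations; an empty list means the password is acceptable."""
    problems: list[str] = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(set(password)) < MIN_DISTINCT:
        problems.append(f"fewer than {MIN_DISTINCT} distinct characters")
    if _candidates(password) & BLOCKLIST:
        problems.append("matches a blocklisted password")
    if len(username) >= 3 and unicodedata.normalize("NFKC", username).lower() in password.lower():
        problems.append("contains the user name")
    return problems


def is_acceptable(password: str, username: str = "") -> bool:
    """Convenience wrapper for a validator that only needs a yes/no answer."""
    return not check_password(password, username)


if __name__ == "__main__":
    # Constructed sample inputs for user "alice".
    for pw in ("P@ssw0rd2024!", "Superuser1!", "alice-alice-alice",
               "correct horse battery staple"):
        print(repr(pw), "->", check_password(pw, "alice") or "ok")
```

Returning the full list of violations rather than a bare boolean lets the validator show the user every rule the password fails at once. The blocklist comparison is done on normalised forms (lower-cased, trailing digits and punctuation stripped, leet characters undone) because users typically defeat a naive list with exactly those decorations.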
Be careful when creating custom forwards and redirects to other sites. A redirect whose target comes from a request parameter and is not validated is an open redirect: an attacker can link to your trusted domain and have it forward victims to a phishing page. Only redirect to relative paths on your own site or to an explicit allowlist of hosts.
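The redirect-target validation described above, as an added Python example that is not part of the original post and not Magnolia code. ALLOWED_HOSTS is a constructed allowlist standing in for the hostnames your site is actually served on; the sample targets are constructed attacker inputs. The check covers the usual bypasses of a naive "starts with /" test: protocol-relative targets, backslashes, userinfo tricks and non-http schemes.

```python
"""Open-redirect guard for custom redirects (added example, not Magnolia code)."""
from __future__ import annotations

from urllib.parse import urlsplit

ALLOWED_HOSTS = frozenset({"www.example.com", "example.com"})  # constructed allowlist


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True only for a same-site relative path or an absolute http(s) URL on an allowlisted host."""
    if not target or any(ord(ch) < 0x20 or ch == "\x7f" for ch in target):
        return False          # control characters: header injection / parser confusion
    if "\\" in target:
        return False          # browsers treat "\" like "/", so "/\evil.example" leaves the site
    parts = urlsplit(target)
    if parts.scheme:
        # Absolute URL: only http(s), and only to a host we own. hostname strips userinfo
        # and port, so "https://www.example.com@evil.example/" resolves to evil.example.
        return parts.scheme.lower() in ("http", "https") and parts.hostname in allowed_hosts
    if parts.netloc:
        return parts.hostname in allowed_hosts   # protocol-relative "//evil.example/"
    # Relative target: exactly one leading slash ("//..." and "///..." are host-relative).
    return target.startswith("/") and not target.startswith("//")


def safe_redirect_or_default(target: str, fallback: str = "/") -> str:
    """Return the requested target if it passes validation, otherwise a safe landing page."""
    return target if is_safe_redirect(target) else fallback


if __name__ == "__main__":
    # Constructed sample targets, as they might arrive in a ?returnTo= parameter.
    samples = ["/dashboard", "//evil.example/", "https://www.example.com/page?x=1",
               "https://www.example.com@evil.example/", "javascript:alert(1)",
               "/\\evil.example", "///evil.example", "https://evil.example/"]
    for s in samples:
        print(f"{s!r:45} -> {safe_redirect_or_default(s)}")
```

Validating the parsed hostname against an allowlist, rather than checking whether the string "contains" or "starts with" your domain, is the point: the userinfo form `https://www.example.com@evil.example/` contains your domain yet lands on the attacker’s host. When in doubt, fall back to a fixed landing page instead of refusing the request, so that a broken link degrades to your own site rather than to an error.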
Implement a backup concept and test it regularly, including the restore procedure.
Keep your Magnolia instances up to date with current releases and security patches.
If your project allows it, use separate databases for author and public instances, so that the two are isolated from each other.
The repository and all files referenced from Magnolia properties (such as the repository home set by magnolia.repositories.home) must live outside the web app. You should be able to delete and redeploy the Magnolia web artifact without losing any data or keys.
External User Management and SSO with Magnolia
Single Sign-On (SSO) lets users log in to multiple applications with the same credentials, which makes it easier to manage user accounts across your IT landscape: accounts are created, changed and revoked in one place.
Summary and resources
We recommend that you implement these best practices before pushing your project live. In addition, you can review the documentation below for more details: