In this chapter, we discuss strategies for securing your OFBiz installation and web applications ("webapps"). Such strategies take many forms, allowing you, the OFBiz owner, maximum flexibility in designing and deploying the security policies that make the most sense for your business needs.
To begin with, OFBiz is distributed with a minimum of security features turned on. This is intentional, to ease initial software evaluation, customization, and testing. When your deployment requirements are known, security controls may be applied as required. Few out-of-the-box security configuration settings need attention before going into production, but it is highly recommended that, at a minimum, you consider changing the default HyperText Transfer Protocol (HTTP) and HyperText Transfer Protocol Secure (HTTPS) communications ports and disabling the demonstration login accounts.
Beyond these basic administrative security tasks, we shall also introduce...