Is there a white paper or any other informations regarding the security concept of Xpert.ivy? Regarding security it was once stated that it would be best practice to put an IIS or Apache in front of the Ivy-Server. The Server Guide is pretyy quite on that topic just stating external security systems concerning the Active Directory. Are there more informations? I'm thankful for any assistance. Edit: I know that - generally speaking - it's the task of the application development team to care about security issues, but Xpert.ivy is using a modified Tomcat as server and a lot of tasks like the role and user management is also handled by Xpert.ivy.

Is there a white paper or any other informations regarding the security concept of Xpert.ivy? Regarding security it was once stated that it would be best practice to put an IIS or Apache in front of the Ivy-Server. The Server Guide is pretyy quite on that topic just stating external security systems concerning the Active Directory. Are there more informations? I'm thankful for any assistance.