Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Pega Process Fabric Hub security dynamic system settings

Updated on November 9, 2021

The Pega Process Fabric Hub includes a set of dynamic system setting rules that increase the security of connections between your applications and the Pega Process Fabric Hub. As a result, you secure your application from any unauthorized or unauthenticated resources.

The following table lists the security dynamic system settings that your system receives when you install the Pega Process Fabric Hub.
Note: The default values are recommended values to increase the security of your applications that you register with the Pega Process Fabric Hub. Dynamic system settings are system-wide and might affect other applications that you deploy on the same system as the Pega Process Fabric Hub. Before you move your applications to the production environment, conduct thorough testing to ensure that all your applications operate correctly.
Dynamic system settingDefault valueDescriptionCategory
prconfig/HTTP/SetSecureCookie/defaulttruePrevents the exposure of the session ID cookie and also prevents session hijacking as the browser sends cookies only across SSL protocols.Security
prconfig/initialization/DisableAutoComplete/defaulttruePrevents client-side storage of user name and password combinations. Use this setting when you clear any existing stored sensitive information in the browser.Browser data
prconfig/initialization/PromoteEmbeddedPortals/defaulttruePrevents additional invisible frames that can contain malicious code from embedding the Pega Platform HTML frame.Browser data
prconfig/security/showSQLInListPage/defaultfalseSuppresses the visibility of generated SQL on the clipboard page.Security
security/enableJavaInjectionMitigationtrueEnables Java mitigation detection for all ruleset versions.Security
Additionally, after you install the Pega Process Fabric Hub, when you enable the cross-site request forgery (CSRF) migration, the system automatically updates the following CSRF-related dynamic system settings:
  • security/csrf/allowReferrersWithExactMatchOnly
  • security/csrf/validreferers
  • security/csrf/allowedStreams
  • security/csrf/allowedActivities
  • security/csrf/securedStreams
  • security/csrf/securedActivities
  • security/csrf/enableWhitelistReferrer
  • security/csrf/secureall
  • security/csrf/mitigation
Note: For the security/csrf/allowReferrersWithExactMatchOnly CSRF-related dynamic system setting, ensure that the value is false. For the remaining settings, ensure that the values match your needs.
For more information about CSRF, see Understanding Cross-Site Request Forgery (CSRF).
  • Previous topic Updating the Pega Process Fabric Hub keystore
  • Next topic Remote applications in the Pega Process Fabric Hub

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us