Run Applications Using the Fewest Privileges Possible

Even after all of your web applications have been assessed, tested and purged of the most problematic vulnerabilities, you aren’t in the clear. Every web application has specific privileges on both local and remote computers. These privileges can and should be adjusted to enhance security.

Always use the least permissive settings for all web applications. This means that applications should be buttoned down. Only highly authorized people should be able to make system changes and the like. You might consider including this in your initial assessment. Otherwise, you will have to go back down the entire list adjusting settings again. For the vast majority of applications, only system administrators need complete access. Most other users can accomplish what they need with minimally permissive settings.

In the unlikely event that privileges are adjusted incorrectly for an application and certain users can’t access the features that they need, the problem can be handled when it occurs. It is far better to be too restrictive in this situation than to be too permissive.