Local logs disclose too much data
One of our customers did a comprehensive InfoSec audit to validate Archibus as a safe product. One medium point was about the logs that one can view from SmartClient. They seem to disclose too much data (server version), especially when errors occur (JDK version, Tomcat version, etc.).
It would be nice to raise security. Here are some hints:
- password-protect log viewing
- have verbose levels
- have a server setting / right to hide the "view logs" buttons (security group?)
3 votes
