Question
Securtity concerns for Pega OOTB Service Packages
After installing Pega as descibed, we notice some out of the box service packages are not secure enough in our opinion.
Looking at the service package DownloadWebJS for example, it is missing the "requires authentication flag". Is there a reason to leave the "requires authentication" unchecked?
On the 7.3.1 environment, there is no authentication required for certain Service Packages, which is not correct and not inline with our security policilies. So the Question is, how to set/manage the Authentication Required for Pega OOTB services packages such that it must not be overwritten when you install an new version of an Application?
Need clarification and guidance on how to manage/improve Pega OOTB service packages which are without any "requires authentication flag".