We have BO4.2 SP05 on a development platform along with the bundled Tomcat (8.5.13) and use the BOE/BI, BOE/BILaunchpad and /BOE/CMC applications for webi reporting, also use IDT/UDT and some dashboards.
From security perspective we've been asked if number of interfaces available could be limited.
For instance ca see lots of services listed at http://<servername>/dswsbobje/services/listServices
What is the best way of achieving this but ensuring access to the above applications and business objects enterprise platform and above applications isn't affected adversely.
Had a look in the web.xml file in dswsbobje to see if some configurable parameters such as services.visible which could set to false but would still allow functionality but nothing obvious.