Security concerns for MDriven Server

When you install your MDriven Server, access it by registering a new user. There are more things to consider, however.

To secure your model and data and system, you can:

  1. Make sure you communicate with MDriven Server over HTTPS so that no one sees your passwords and other data that will go over the wire.
  2. Limit what an unauthenticated user of MDriven Server can do.

MDriven security 01.pngMDriven security 02.png

MDriven security 03.pngMDriven security 04.png

In the user admin dialog, state that the Admin UI requires identification. If you do this – and you should at some point – make sure you make yourself SuperAdmin so you do not lock yourself out.

You can also state whether the services exposed by the MDriven Server via various web interfaces require authentication or not. You will likely begin with a relaxed attitude to security - this will put fewer requirements on the users you engage in prototyping etc.

Understand that no security limitations are enforced as long as you run your server in HTTP mode – because this would force us to send passwords over an open wire which is considered unsafe since it may implicate other services you have.

The MDriven Book - Next Chapter: MDrivenServer Summarized

This page was edited 42 days ago on 10/02/2024. What links here