Log in

Security concerns for MDriven Server

From MDrivenWiki

When you install your MDriven Server you get access to it by registering a new user. But there are more things to consider.

In order to secure your model and data and system you can:

  1. Make sure you communicate with MDriven Server over https so that no one can see your passwords and other data that will go over the wire.
  2. Limit what an un-authenticated user of MDriven Server can do.

MDriven security 01.pngMDriven security 02.png

MDriven security 03.pngMDriven security 04.png

In the user admin dialog you can state that the Admin UI require identification – if you do – and you should at some point – make sure you make yourself SuperAdmin so that you do not lock yourself out.

You can also state if the services exposed by the MDriven Server via various web interfaces also require authentication or not. It is likely that you will begin with a relaxed attitude to security and this will ofcourse put less requirements on the users you engage in prototyping etc.

Mind that no security limitations are enforced as long as you run your server in http mode – this is due to the fact that it would force us to send passwords over an open wire and that is considered worse since it may implicate other services you have.