(Created page with "When you install your MDriven Server you get access to it by registering a new user. But there are more things to consider. In order to secure your model and data and system...") |
(Replacing message template with parser tag) |
||
| (11 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
When you install your MDriven Server you | <message>Write the content here to display this box</message> | ||
When you install your MDriven Server, you access it by registering a new user. There are more things to consider, however. | |||
To secure your model and data and system, you can: | |||
# Make sure you communicate with MDriven Server over | # Make sure you communicate with MDriven Server over HTTPS so that no one sees your passwords and other data that will go over the wire. | ||
# Limit what an | # Limit what an unauthenticated user of MDriven Server can do. | ||
[[File:MDriven security 01.png|frameless|252x252px]] ☛ [[File:MDriven security 02.png|frameless|363x363px]] | [[File:MDriven security 01.png|frameless|252x252px]] ☛ [[File:MDriven security 02.png|frameless|363x363px]] | ||
[[File:MDriven security 03.png|frameless]] ☛ [[File:MDriven security 04.png|frameless|422x422px]] | [[File:MDriven security 03.png|frameless]] ☛ [[File:MDriven security 04.png|frameless|422x422px]] | ||
In the user admin dialog | In the user admin dialog, state that the Admin UI requires identification. If you do this – and you should at some point – make sure you make yourself SuperAdmin so you do not lock yourself out. | ||
You can also state | You can also state whether the services exposed by the MDriven Server via various web interfaces require authentication or not. You will likely begin with a relaxed attitude to security - this will put fewer requirements on the users you engage in prototyping etc. | ||
Understand that no security limitations are enforced as long as you run your server in HTTP mode – because this would force us to send passwords over an open wire which is considered unsafe since it may implicate other services you have. | |||
<span class="col-orange">The MDriven Book</span> - '''Next Chapter:''' [[Training:MDrivenServer Summarized|MDrivenServer Summarized]] | |||
[[Category:MDriven Server]] | |||
{{Edited|July|12|2024}} | |||
Latest revision as of 08:03, 17 June 2024
When you install your MDriven Server, you access it by registering a new user. There are more things to consider, however.
To secure your model and data and system, you can:
- Make sure you communicate with MDriven Server over HTTPS so that no one sees your passwords and other data that will go over the wire.
- Limit what an unauthenticated user of MDriven Server can do.
☛ 
☛ 
In the user admin dialog, state that the Admin UI requires identification. If you do this – and you should at some point – make sure you make yourself SuperAdmin so you do not lock yourself out.
You can also state whether the services exposed by the MDriven Server via various web interfaces require authentication or not. You will likely begin with a relaxed attitude to security - this will put fewer requirements on the users you engage in prototyping etc.
Understand that no security limitations are enforced as long as you run your server in HTTP mode – because this would force us to send passwords over an open wire which is considered unsafe since it may implicate other services you have.
The MDriven Book - Next Chapter: MDrivenServer Summarized