Training:Security concerns for MDriven Server: Difference between revisions

Security concerns for MDriven Server

Latest revision as of 06:46, 2 April 2024

When you install your MDriven Server, you access it by registering a new user. There are more things to consider, however.

To secure your model and data and system, you can:

Make sure you communicate with MDriven Server over HTTPS so that no one sees your passwords and other data that will go over the wire.
Limit what an unauthenticated user of MDriven Server can do.

☛

In the user admin dialog, state that the Admin UI requires identification. If you do this – and you should at some point – make sure you make yourself SuperAdmin so you do not lock yourself out.

You can also state whether the services exposed by the MDriven Server via various web interfaces require authentication or not. You will likely begin with a relaxed attitude to security - this will put fewer requirements on the users you engage in prototyping etc.

Understand that no security limitations are enforced as long as you run your server in HTTP mode – because this would force us to send passwords over an open wire which is considered unsafe since it may implicate other services you have.

The MDriven Book - See: MDrivenServer Summarized

This page was edited more than 11 months ago on 04/02/2024. What links here

@@ Line 1: / Line 1: @@
-When you install your MDriven Server you get access to it by registering a new user. But there are more things to consider.
+When you install your MDriven Server, you access it by registering a new user. There are more things to consider, however.
-In order to secure your model and data and system you can:
+To secure your model and data and system, you can:
-# Make sure you communicate with MDriven Server over https so that no one can see your passwords and other data that will go over the wire.
+# Make sure you communicate with MDriven Server over HTTPS so that no one sees your passwords and other data that will go over the wire.
-# Limit what an un-authenticated user of MDriven Server can do.
+# Limit what an unauthenticated user of MDriven Server can do.
 [[File:MDriven security 01.png|frameless|252x252px]]                                ☛                                     [[File:MDriven security 02.png|frameless|363x363px]]
 [[File:MDriven security 03.png|frameless]]                     ☛                                   [[File:MDriven security 04.png|frameless|422x422px]]
-In the user admin dialog you can state that the Admin UI require identification – if you do – and you should at some point – make sure you make yourself SuperAdmin so that you do not lock yourself out.
+In the user admin dialog, state that the Admin UI requires identification. If you do this – and you should at some point – make sure you make yourself SuperAdmin so you do not lock yourself out.
-You can also state if the services exposed by the MDriven Server via various web interfaces also require authentication or not. It is likely that you will begin with a relaxed attitude to security and this will ofcourse put less requirements on the users you engage in prototyping etc.
+You can also state whether the services exposed by the MDriven Server via various web interfaces require authentication or not. You will likely begin with a relaxed attitude to security - this will put fewer requirements on the users you engage in prototyping etc.
-Mind that no security limitations are enforced as long as you run your server in http mode – this is due to the fact that it would force us to send passwords over an open wire and that is considered worse since it may implicate other services you have.
+Understand that no security limitations are enforced as long as you run your server in HTTP mode – because this would force us to send passwords over an open wire which is considered unsafe since it may implicate other services you have.
+The MDriven Book - See: [[Training:MDrivenServer Summarized|MDrivenServer Summarized]]
+[[Category:MDriven Server]]
+{{Edited|July|12|2024}}