Training:Security concerns for MDriven Server: Difference between revisions

Security concerns for MDriven Server

Revision as of 07:07, 8 February 2023

When you install your MDriven Server, you get access to it by registering a new user. There are more things to consider, however.

To secure your model and data and system, you can:

Make sure you communicate with MDriven Server over HTTPS so that no one can see your passwords and other data that will go over the wire.
Limit what an unauthenticated user of MDriven Server can do.

☛

In the user admin dialog, you can state that the Admin UI requires identification. If you do this – and you should at some point – make sure you make yourself SuperAdmin so that you do not lock yourself out.

You can also state whether the services exposed by the MDriven Server via various web interfaces require authentication or not. You will likely begin with a relaxed attitude to security and this will put fewer requirements on the users you engage in prototyping etc.

Understand that no security limitations are enforced as long as you run your server in HTTP mode – this is due to the fact that it would force us to send passwords over an open wire and this is considered unsafe since it may implicate other services you have.

This page was edited more than 9 months ago on 04/02/2024. What links here

@@ Line 1: / Line 1: @@
-When you install your MDriven Server you get access to it by registering a new user. But there are more things to consider.
+When you install your MDriven Server, you get access to it by registering a new user. There are more things to consider, however.
-In order to secure your model and data and system you can:
+To secure your model and data and system, you can:
-# Make sure you communicate with MDriven Server over https so that no one can see your passwords and other data that will go over the wire.
+# Make sure you communicate with MDriven Server over HTTPS so that no one can see your passwords and other data that will go over the wire.
-# Limit what an un-authenticated user of MDriven Server can do.
+# Limit what an unauthenticated user of MDriven Server can do.
 [[File:MDriven security 01.png|frameless|252x252px]]                                ☛                                     [[File:MDriven security 02.png|frameless|363x363px]]
 [[File:MDriven security 03.png|frameless]]                     ☛                                   [[File:MDriven security 04.png|frameless|422x422px]]
-In the user admin dialog you can state that the Admin UI require identification – if you do – and you should at some point – make sure you make yourself SuperAdmin so that you do not lock yourself out.
+In the user admin dialog, you can state that the Admin UI requires identification. If you do this – and you should at some point – make sure you make yourself SuperAdmin so that you do not lock yourself out.
-You can also state if the services exposed by the MDriven Server via various web interfaces also require authentication or not. It is likely that you will begin with a relaxed attitude to security and this will ofcourse put less requirements on the users you engage in prototyping etc.
+You can also state whether the services exposed by the MDriven Server via various web interfaces require authentication or not. You will likely begin with a relaxed attitude to security and this will put fewer requirements on the users you engage in prototyping etc.
-Mind that no security limitations are enforced as long as you run your server in http mode – this is due to the fact that it would force us to send passwords over an open wire and that is considered worse since it may implicate other services you have.
+Understand that no security limitations are enforced as long as you run your server in HTTP mode – this is due to the fact that it would force us to send passwords over an open wire and this is considered unsafe since it may implicate other services you have.
 [[Category:MDriven Server]]