More actions
Up Secure

Additional steps

Last modified on August 15, 2012 17:20
Contents

We've covered the basics of authentication and authorization previously, but there are still additional steps you can take in building and deploying a secure application.  We've broken these down into configuration-related opportunities - considerations which can be addressed through the deployment configuration; and coding-relating - additional choices you can make in your code.



Configuration

Use SSL to secure communications.  The default DevForce configuration will automatically use a secure transport if you specify a URL beginning with https in the objectServer tag.  If your Silverlight application was downloaded via a URL beginning with https, then communications to the EntityServer will use a secure transport.  See here for more information on configuring SSL in IIS.

Disallow access to the debug log file.  In IIS, unless you restrict access, anyone can browse to your debuglog.xml file and discover much more about your application than you probably want to share.  To see if your debug log is browsable, just point your internet browser to it - for example http://localhost/badgolf/log/debuglog.xml.  Blocking access is easy and there are many ways to do it; here are a few options:   1) change the logFile path to a secure folder outside of the IIS application folder, 2) turn off all NTFS permissions to the log folder except as required by the application pool account to create and append to the file, or 3) disable all IIS authentications for the folder. 

In a client application, you may want to turn off the debug log altogether if it's not possible to secure the folder.

Use a database account with appropriate privileges.  The userid defined in the database connection string should not be an administrator or DBA account. 

Protect the configuration file.   You can encrypt configuration sections, such as the connectionStrings and ideablade.configuration sections, to limit unauthorized access.  See here for more information.  (To encrypt the ideablade.configuration section, make sure that the section definition contains the fully-qualified assembly name.)

Consider encrypting database connections.  See here for more information on encrypted SQL Server connections.

Do not publish service metadata.  By default metadata publishing is disabled for DevForce services.  If you enabled it for any reason, be sure to turn it off when you deploy your application.

Disable anonymous access in IIS if only authenticated users may access your application.

Do not use a "wide open" client access policy.  If you do not support cross domain access, remove the clientaccesspolicy.xml and/or crossdomain.xml files.  If cross domain access is needed, lock down the access granted.  Note that the sample file provided by DevForce is "wide open" and is intended as a starter sample only.

Coding

Send less detailed error messages to the client.  Although during development you want detailed error messages to help in diagnosing problems, your client applications should not receive error messages from the server which might contain detailed or sensitive information.  Implement a custom EntityServerErrorInterceptor to examine and optionally replace the exception to be sent to the client.

Do not store connection strings in a client config file.  If the application is an n-tier application the connection information is unnecessary, as only the EntityServer requires connection information.  In a 2-tier application, consider using a custom DataSourceKeyResolver, which although not completely secure because your code can be disassembled, may still be more secure than the .config file.

Encrypt sensitive files.  If you save an EntityCacheState or other sensitive information to the file system or Isolated Storage, consider encrypting it.  Here's a sample.

Consider logging for audit purposes.

Consider the entity model exposure.  The client application can be easily disassembled to see the entire generated entity model.  Do you really want that User entity exposed?  If you are using custom authentication with your own user database, consider not including these tables in your entity model, or creating a separate server-only entity model just for authentication purposes.

Consider WCF security.   Depending on the URL, DevForce will default to either non-secure communications or transport security with SSL.  For additional security requirements you can configure both client and service security using configuration file settings, or by implementing custom ServiceHostEvents and ServiceProxyEvents classes.


Tags: Security
Created by DevForce on February 17, 2011 14:33

Navigation

Tag Cloud

  1. Data Binding
  2. Data Sources
  3. Design Views
  4. Validation
  5. Anonymous
  6. Architecture
  7. ASP.NET
  8. Asynchronous
  9. Attach
  10. Azure
  11. CacheQueryOptions
  12. Caching
  13. Closure
  14. Cocktail
  15. code first
  16. Code Generation
  17. Code Sample
  18. Concurrency
  19. Configure
  20. Cookbook
  21. Coroutine
  22. Create
  23. Debug
  24. Delete
  25. Deploy
  26. DevForce 2012
  27. DevForce-Caliburn framework
  28. Disconnect
  29. Discovery
  30. Display
  31. Dynamic query
  32. EDM
  33. EDMX
  34. Entity cache
  35. Entity Framework
  36. EntityAspect
  37. EntityCache
  38. EntityKey
  39. EntityKeyQuery
  40. EntityManager
  41. EntityProperty
  42. EntityQuery
  43. EntityQueryOperation
  44. EntitySaveOperation
  45. EntityServer
  46. EntityServerSaveInterceptor
  47. EntityState
  48. EntityVersion
  49. ESQL
  50. Exception
  51. Extensibility
  52. Extension
  53. Faking
  54. Fetching
  55. FetchStrategy
  56. IIS
  57. Include
  58. Interception
  59. iOS
  60. IVerifierProvider
  61. JavaScript
  62. LINQ
  63. Localization
  64. Log
  65. MEF
  66. MergeStrategy
  67. Metadata
  68. MetadataType
  69. Model
  70. Multi-threading
  71. MVVM
  72. Navigation
  73. Object Mapping
  74. ObjectDataSource
  75. OData
  76. Offline
  77. Paging
  78. Performance
  79. Persistence
  80. POCO
  81. Predicate
  82. PredicateBuilder
  83. PredicateDescription
  84. Prism
  85. Property Interceptors
  86. PropertySortSelector
  87. Push
  88. Query
  89. Query cache
  90. Query Inversion
  91. QueryStrategy
  92. Refetch
  93. Refresh
  94. Release Notes
  95. Sample Application
  96. Save
  97. SaveOptions
  98. SaveResult
  99. SaveStatus
  100. Saving
  101. Security
  102. Serialization
  103. Silverlight
  104. Stored Procedure
  105. Telerik
  106. Template
  107. Test
  108. ToQuery
  109. Tour
  110. Transactions
  111. Troubleshooting
  112. Validation
  113. Verifier
  114. VerifierEngine
  115. Video
  116. Visual Studio
  117. WCF
  118. WinForms
  119. WIP
  120. WPF

Spaces

 | 2009Documentation | Documentation

This wiki is licensed under a Creative Commons 2.0 license. XWiki Enterprise 3.2 - Documentation. Copyright © 2015 IdeaBlade