RAD Studio 10.4.1 is now available! Learn more. Looking for discounts? Visit our Special Offers page!
Delphi

Tech Tip: How do I secure RAD Server for production deployment?

Note: This is not a comprehensive security tutorial for RAD Server merely a tech tip.

There are a number of sections in the emsserver.ini file which can help you secure your RAD Server for production which include Server.APICrossDomain, Console.Login, Server.Authorization. You can limit cross site scripting by changing the CrossDomain setting in Server.APICrossDomain to only allow your domains. You can customize the UserName and Password of the Console.Login section so that only you will be able to log into the console. Finally, you can limit the access to various endpoints on your RAD Server by customizing the settings in the Server.Authorization section. Here is a sample of settings you could add to limit the access to the Users resource:

Users={“public”: false}
Users.LoginUser={“public”: true}
Users.GetUserGroups={“users”: [“*”]}
Users.GetUsers={“groups”: [“Admin”]}
Users.GetUserFields={“groups”: [“Admin”]}
Users.GetUser={“groups”: [“Admin”]}
Users.GetGroup={“groups”: [“Admin”]}
Users.UpdateUser={“groups”: [“Admin”]}
Users.AddUser={“groups”: [“Admin”]}

 

If the settings are too restrictive you may receive a 401 response from the server in which case you would need to modify your settings to allow that specific API call. Other sections you may want to review for adding more security to your RAD Server deployment are Server.Keys and Server.Connection.Dev where you can add a server wide master secret, app secret, and/or HTTPS.

Head over and check out the full documentation for the RAD Server Authentication section.

This text is an excerpt from the Field Service Template FAQ documentation. Find out more about the Field Service Template in the video:


 



Reduce development time and get to market faster with RAD Studio, Delphi, or C++Builder.
Design. Code. Compile. Deploy.
Start Free Trial   Upgrade Today

   Free Delphi Community Edition   Free C++Builder Community Edition

About author

FMXExpress.com has over 600 articles with all kinds of tips and tricks for Delphi FireMonkey on Android, IOS, OSX, Windows, and Linux.
Related posts
DelphiShowcase

Archaeological Museum Utilizes Powerful RAD Server And Beacon Fence Solution With Delphi

News

Using InterBase ToGo to Secure Mobile Data

C++CodeDatabaseDelphiRAD Studio

Learn How To Create A RAD Server With "David I" Intersimone In Delphi And C++

C++DelphiRAD Studio

Learn About Quickly Building REST Applications Using The Powerful RAD Server In Delphi/C++ Builder

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

IN THE ARTICLES