Have an amazing solution built in RAD Studio? Let us know. Looking for discounts? Visit our Special Offers page!

Tech Tip: How do I secure RAD Server for production deployment?

Note: This is not a comprehensive security tutorial for RAD Server merely a tech tip.

There are a number of sections in the emsserver.ini file which can help you secure your RAD Server for production which include Server.APICrossDomain, Console.Login, Server.Authorization. You can limit cross site scripting by changing the CrossDomain setting in Server.APICrossDomain to only allow your domains. You can customize the UserName and Password of the Console.Login section so that only you will be able to log into the console. Finally, you can limit the access to various endpoints on your RAD Server by customizing the settings in the Server.Authorization section. Here is a sample of settings you could add to limit the access to the Users resource:

Users={“public”: false}
Users.LoginUser={“public”: true}
Users.GetUserGroups={“users”: [“*”]}
Users.GetUsers={“groups”: [“Admin”]}
Users.GetUserFields={“groups”: [“Admin”]}
Users.GetUser={“groups”: [“Admin”]}
Users.GetGroup={“groups”: [“Admin”]}
Users.UpdateUser={“groups”: [“Admin”]}
Users.AddUser={“groups”: [“Admin”]}


If the settings are too restrictive you may receive a 401 response from the server in which case you would need to modify your settings to allow that specific API call. Other sections you may want to review for adding more security to your RAD Server deployment are Server.Keys and Server.Connection.Dev where you can add a server wide master secret, app secret, and/or HTTPS.

Head over and check out the full documentation for the RAD Server Authentication section.

This text is an excerpt from the Field Service Template FAQ documentation. Find out more about the Field Service Template in the video:


Reduce development time and get to market faster with RAD Studio, Delphi, or C++Builder.
Design. Code. Compile. Deploy.
Start Free Trial   Upgrade Today

   Free Delphi Community Edition   Free C++Builder Community Edition

Get some love as Delphi turns 26
About author

FMXExpress.com has over 600 articles with all kinds of tips and tricks for Delphi FireMonkey on Android, IOS, OSX, Windows, and Linux.
Related posts
DelphiRAD Studio

Powerful Enterprise-Grade Medical Office Industry Template Source Code For Your Business

DatabaseDelphiInterBaseRAD Studio

Free Source Code: RAD Server Field Services Industry REST API Template Solution For Your Business

DelphiRAD Studio

Powerful RAD Server Hospitality Industry Template Source Code For Your Business

CodeDelphiRAD Studio

Quickly Define APIDocAttributes To Easily Add Documentation To Your RAD Server Solutions

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.