Google Git
Sign in
apache / usergrid / 1684a64e408212be47a653e8d64ded06573a3312 / . / content / docs / security-and-auth / securing-your-app.html
blob: 99aee729d3dc357a33b0f9941323c8ef09edd1b9 [file] [log] [blame]
<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Security best practices &mdash; Apache Usergrid 1.0 documentation</title>
<link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />
<link rel="top" title="Apache Usergrid 1.0 documentation" href="../index.html"/>
<link rel="next" title="User management &amp; social graph" href="../user-management/user-management.html"/>
<link rel="prev" title="Facebook sign in" href="facebook-sign.html"/>
<script src="../_static/js/modernizr.min.js"></script>
</head>
<body class="wy-body-for-nav" role="document">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side">
<div class="wy-side-nav-search">
<a href="../index.html" class="icon icon-home"> Apache Usergrid
</a>
<div class="version">
1.0
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
<input type="text" name="q" placeholder="Search docs" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div>
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
<p class="caption"><span class="caption-text">Getting Started</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../introduction/overview.html">Getting Started</a></li>
<li class="toctree-l1"><a class="reference internal" href="../introduction/usergrid-features.html">Usergrid Features</a></li>
<li class="toctree-l1"><a class="reference internal" href="../introduction/data-model.html">Usergrid Data model</a></li>
<li class="toctree-l1"><a class="reference internal" href="../introduction/async-vs-sync.html">Async vs. sync calls</a></li>
</ul>
<p class="caption"><span class="caption-text">Using Usergrid</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../using-usergrid/creating-account.html">Creating a Usergrid Account</a></li>
<li class="toctree-l1"><a class="reference internal" href="../using-usergrid/creating-a-new-application.html">Creating a new application</a></li>
<li class="toctree-l1"><a class="reference internal" href="../using-usergrid/using-a-sandbox-app.html">Using a Sandbox Application</a></li>
<li class="toctree-l1"><a class="reference internal" href="../using-usergrid/using-the-api.html">Using the API</a></li>
</ul>
<p class="caption"><span class="caption-text">Data Storage</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../data-storage/data-store-dbms.html">The Usergrid Data Store</a></li>
<li class="toctree-l1"><a class="reference internal" href="../data-storage/optimizing-access.html">Data Store Best Practices</a></li>
<li class="toctree-l1"><a class="reference internal" href="../data-storage/collections.html">Collections</a></li>
<li class="toctree-l1"><a class="reference internal" href="../data-storage/entities.html">Entities</a></li>
</ul>
<p class="caption"><span class="caption-text">Data Queries</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../data-queries/querying-your-data.html">Querying your data</a></li>
<li class="toctree-l1"><a class="reference internal" href="../data-queries/query-parameters.html">Query parameters &amp; clauses</a></li>
<li class="toctree-l1"><a class="reference internal" href="../data-queries/operators-and-types.html">Query operators &amp; data types</a></li>
<li class="toctree-l1"><a class="reference internal" href="../data-queries/advanced-query-usage.html">Advanced query usage</a></li>
</ul>
<p class="caption"><span class="caption-text">Entity Connections</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../entity-connections/connecting-entities.html">Connecting entities</a></li>
<li class="toctree-l1"><a class="reference internal" href="../entity-connections/retrieving-entities.html">Retrieving connections</a></li>
<li class="toctree-l1"><a class="reference internal" href="../entity-connections/disconnecting-entities.html">Disconnecting entities</a></li>
</ul>
<p class="caption"><span class="caption-text">Push Notifications</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../push-notifications/overview.html">Push notifications overview</a></li>
<li class="toctree-l1"><a class="reference internal" href="../push-notifications/adding-push-support.html">Adding push notifications support</a></li>
<li class="toctree-l1"><a class="reference internal" href="../push-notifications/getting-started.html">Getting started with push notifications</a></li>
<li class="toctree-l1"><a class="reference internal" href="../push-notifications/tutorial.html">Tutorial: Push notifications sample app</a></li>
<li class="toctree-l1"><a class="reference internal" href="../push-notifications/registering.html">Registering with a notification service</a></li>
<li class="toctree-l1"><a class="reference internal" href="../push-notifications/creating-notifiers.html">Creating notifiers</a></li>
<li class="toctree-l1"><a class="reference internal" href="../push-notifications/managing-users-and-devices.html">Managing users and devices</a></li>
<li class="toctree-l1"><a class="reference internal" href="../push-notifications/creating-and-managing-notifications.html">Creating and managing notifications</a></li>
<li class="toctree-l1"><a class="reference internal" href="../push-notifications/troubleshooting.html">Troubleshooting</a></li>
</ul>
<p class="caption"><span class="caption-text">Security &amp; Authentication</span></p>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="app-security.html">Security &amp; token authentication</a></li>
<li class="toctree-l1"><a class="reference internal" href="using-permissions.html">Using permissions</a></li>
<li class="toctree-l1"><a class="reference internal" href="using-roles.html">Using roles</a></li>
<li class="toctree-l1"><a class="reference internal" href="authenticating-users-and-application-clients.html">Authenticating users &amp; app clients</a></li>
<li class="toctree-l1"><a class="reference internal" href="user-authentication-types.html">Authentication levels</a></li>
<li class="toctree-l1"><a class="reference internal" href="changing-token-time-live-ttl.html">Changing token expiration (time-to-live)</a></li>
<li class="toctree-l1"><a class="reference internal" href="authenticating-api-requests.html">Authenticating API requests</a></li>
<li class="toctree-l1"><a class="reference internal" href="revoking-tokens-logout.html">Revoking tokens (logout)</a></li>
<li class="toctree-l1"><a class="reference internal" href="facebook-sign.html">Facebook sign in</a></li>
<li class="toctree-l1 current"><a class="current reference internal" href="">Security best practices</a><ul>
<li class="toctree-l2"><a class="reference internal" href="#never-use-the-sandbox-for-a-production-app">Never use the &#8216;sandbox&#8217; for a production app</a></li>
<li class="toctree-l2"><a class="reference internal" href="#review-permissions-in-your-apps">Review permissions in your apps</a></li>
<li class="toctree-l2"><a class="reference internal" href="#edit-the-default-role">Edit the &#8216;default&#8217; role</a></li>
<li class="toctree-l2"><a class="reference internal" href="#use-https">Use https</a></li>
<li class="toctree-l2"><a class="reference internal" href="#acquire-access-tokens-in-a-secure-way">Acquire access tokens in a secure way</a></li>
<li class="toctree-l2"><a class="reference internal" href="#treat-mobile-clients-as-untrustworthy">Treat mobile clients as untrustworthy</a></li>
</ul>
</li>
</ul>
<p class="caption"><span class="caption-text">User Management &amp; Social Graph</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../user-management/user-management.html">User management &amp; social graph</a></li>
<li class="toctree-l1"><a class="reference internal" href="../user-management/working-user-data.html">Working with User Data</a></li>
<li class="toctree-l1"><a class="reference internal" href="../user-management/group.html">Working with group data</a></li>
<li class="toctree-l1"><a class="reference internal" href="../user-management/activity.html">Activity</a></li>
<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html">Social Graph Connections</a></li>
<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html#creating-other-connections">Creating other connections</a></li>
<li class="toctree-l1"><a class="reference internal" href="../user-management/messagee-example.html">App Example - Messagee</a></li>
</ul>
<p class="caption"><span class="caption-text">Geo-location</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../geolocation/geolocation.html">Geolocating your Entities</a></li>
</ul>
<p class="caption"><span class="caption-text">Assets &amp; Files</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../assets-and-files/uploading-assets.html">Uploading assets</a></li>
<li class="toctree-l1"><a class="reference internal" href="../assets-and-files/retrieving-assets.html">Retrieving assets</a></li>
<li class="toctree-l1"><a class="reference internal" href="../assets-and-files/folders.html">Folders</a></li>
</ul>
<p class="caption"><span class="caption-text">Counters &amp; Events</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/events-and-counters.html">Counters &amp; events</a></li>
<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html">Creating &amp; incrementing counters</a></li>
<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#decrementing-resetting-counters">Decrementing/resetting counters</a></li>
<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#using-counters-hierarchically">Using counters hierarchically</a></li>
<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/retrieving-counters.html">Retrieving counters</a></li>
</ul>
<p class="caption"><span class="caption-text">Organizations &amp; Applications</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/managing.html">Organization &amp; application management</a></li>
<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/organization.html">Organization</a></li>
<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/application.html">Application</a></li>
<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/admin-user.html">Admin user</a></li>
</ul>
<p class="caption"><span class="caption-text">API Reference</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html">Methods</a></li>
<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#models">Models</a></li>
<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#sub-types">Sub-Types</a></li>
</ul>
<p class="caption"><span class="caption-text">Client SDKs</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../sdks/tbd.html">COMING SOON...</a></li>
</ul>
<p class="caption"><span class="caption-text">Installing Usergrid</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../installation/deployment-guide.html">Usergrid 2.1.0 Deployment Guide</a></li>
</ul>
<p class="caption"><span class="caption-text">More about Usergrid</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../reference/presos-and-videos.html">Presentations &amp; Videos</a></li>
<li class="toctree-l1"><a class="reference internal" href="../reference/contribute-code.html">How to Contribute Code &amp; Docs</a></li>
</ul>
</div>
&nbsp;
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<nav class="wy-nav-top" role="navigation" aria-label="top navigation">
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="../index.html">Apache Usergrid</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="breadcrumbs navigation">
<ul class="wy-breadcrumbs">
<li><a href="../index.html">Docs</a> &raquo;</li>
<li>Security best practices</li>
<li class="wy-breadcrumbs-aside">
<a href="../_sources/security-and-auth/securing-your-app.txt" rel="nofollow"> View page source</a>
</li>
</ul>
<hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<div class="section" id="security-best-practices">
<h1>Security best practices<a class="headerlink" href="#security-best-practices" title="Permalink to this headline"></a></h1>
<p>There a number of actions you should take to ensure that your app is
secure before you put it into production. The following is not an
exhaustive list, but offers some common best practices you should
consider following to keep your app secure when using the Usergrid.</p>
<div class="section" id="never-use-the-sandbox-for-a-production-app">
<h2>Never use the &#8216;sandbox&#8217; for a production app<a class="headerlink" href="#never-use-the-sandbox-for-a-production-app" title="Permalink to this headline"></a></h2>
<p>By default, every new Usergrid account has an app named “sandbox” that
is already created under your new organization. This app is no different
than any other app that you might create, except that the Guest role has
been given full permissions (that is, /** for GET, POST, PUT, and
DELETE). This eliminates the need for a token when making application
level calls, and can make it much easier to get your app up and running;
however, it also means that any data in the sandbox application is
completely unsecured.</p>
<p>As with any other app, you can secure the sandbox application by
updating its roles and permissions. For more on working with permissions
and roles, see <a class="reference external" href="using-permissions.html">Using Permissions</a>.</p>
</div>
<div class="section" id="review-permissions-in-your-apps">
<h2>Review permissions in your apps<a class="headerlink" href="#review-permissions-in-your-apps" title="Permalink to this headline"></a></h2>
<p>Prior to launching your app into a production environment, it is
advisable to review all the roles and permissions you have set up, as
well as the groups and users you have assigned those permissions and
roles to. During development, you may find that you added various
permissions which may or may not still be required once the app is
complete. Review all permissions and delete any that are no longer
required.</p>
<p>Prior to taking your app live, you should secure it by removing any
unnecesary Guest permissions. (See <a class="reference external" href="using-permissions.html">Using
Permissions</a> for further information about
setting permissions.) After you secure your the app, any calls to the
API will need to include an OAuth token. Oauth tokens (also called
access tokens) are obtained by the API in response to successful
authentication calls. Your app saves the token and uses it for all
future calls during that session. Learn more about access tokens in
Authenticating users and application clients.</p>
</div>
<div class="section" id="edit-the-default-role">
<h2>Edit the &#8216;default&#8217; role<a class="headerlink" href="#edit-the-default-role" title="Permalink to this headline"></a></h2>
<p>When preparing an application for production use, a good first step is
to edit permission rules for the Default role. The permissions in this
role will be applied to every user who authenticates with a valid access
token.</p>
<p>For example, in the Default role, you will most likely first want to
remove the permission rule that grants full access to all authenticated
users:</p>
<div class="highlight-python"><div class="highlight"><pre>GET,PUT,POST,DELETE:/users/me/**
</pre></div>
</div>
<p>For more on roles, see <a class="reference external" href="using-permissions.html">Using Permissions</a>.</p>
<p>Review test accounts If you created any test user or test administrator
accounts during development, these should also be reviewed for relevancy
and security. Delete any test accounts that are no longer needed. If
these accounts are still needed, make sure that passwords have been
secured to the standards required by your app.</p>
</div>
<div class="section" id="use-https">
<h2>Use https<a class="headerlink" href="#use-https" title="Permalink to this headline"></a></h2>
<p>Make sure that any calls you make to the API are done using the secure
https protocol, and not the insecure http protocol.</p>
<p>If your app is a web app, that is, an app served by a web server, make
sure that the app is served using https.</p>
</div>
<div class="section" id="acquire-access-tokens-in-a-secure-way">
<h2>Acquire access tokens in a secure way<a class="headerlink" href="#acquire-access-tokens-in-a-secure-way" title="Permalink to this headline"></a></h2>
<p>There are various methods for acquiring an access token (see
<a class="reference external" href="authenticating-users-and-application-clients.html">Authenticating users and application
clients</a>. One
method is to use the application or organization level client
secret-client id combination. This method should not be used in client
applications (this is, apps that are deployed to a device, and which
authenticate and make calls against the API).</p>
<p>That’s because a hacker could analyze your app (even a compiled, binary
distribution of your app), and retrieve the secret-id combination. Armed
with this information, an attacker could gain full access to the data in
your account.</p>
<p>Instead, use application user credentials. This means that your app’s
users should provide a username and password. Your app would use these
to authenticate against the API and retrieve an access token.</p>
<p>The client secret-client id combination should be used only in secure,
server-side applications where there is no possibility of a hacker
gaining control of the credentials.</p>
</div>
<div class="section" id="treat-mobile-clients-as-untrustworthy">
<h2>Treat mobile clients as untrustworthy<a class="headerlink" href="#treat-mobile-clients-as-untrustworthy" title="Permalink to this headline"></a></h2>
<p>For mobile access, it is recommended that you connect as an application
user with configured access control policies. Mobile applications are
inherently untrusted because they can be easily examined and even
decompiled.</p>
<p>Any credentials stored in a mobile app should be considered secure only
to the Application User level. This means that if you don’t want the
user to be able to access or delete data in your Usergrid application,
you need to make sure that you don’t enable that capability through
roles or permissions. Because most web applications talk to the database
using some elevated level of permissions, such as root, it’s generally a
good idea for mobile applications to connect with a more restricted set
of permissions. For more information on restricting access through
permission rules, see <a class="reference external" href="using-permissions.html">Using Permissions</a>.</p>
</div>
</div>
</div>
</div>
<footer>
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
<a href="../user-management/user-management.html" class="btn btn-neutral float-right" title="User management &amp; social graph" accesskey="n">Next <span class="fa fa-arrow-circle-right"></span></a>
<a href="facebook-sign.html" class="btn btn-neutral" title="Facebook sign in" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a>
</div>
<hr/>
<div role="contentinfo">
<p>
&copy; Copyright 2013-2015, Apache Usergrid.
</p>
</div>
Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
</footer>
</div>
</div>
</section>
</div>
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT:'../',
VERSION:'1.0',
COLLAPSE_INDEX:false,
FILE_SUFFIX:'.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
<script type="text/javascript" src="../_static/js/theme.js"></script>
<script type="text/javascript">
jQuery(function () {
SphinxRtdTheme.StickyNav.enable();
});
</script>
</body>
</html>