| |
| |
| <!DOCTYPE html> |
| <!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]--> |
| <!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]--> |
| <head> |
| <meta charset="utf-8"> |
| |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> |
| |
| <title>Security best practices — Apache Usergrid 2.x documentation</title> |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| <link rel="stylesheet" href="../_static/css/theme.css" type="text/css" /> |
| |
| |
| |
| |
| |
| <link rel="top" title="Apache Usergrid 2.x documentation" href="../index.html"/> |
| <link rel="next" title="User management & social graph" href="../user-management/user-management.html"/> |
| <link rel="prev" title="Facebook sign in" href="facebook-sign.html"/> |
| |
| |
| <script src="../_static/js/modernizr.min.js"></script> |
| |
| </head> |
| |
| <body class="wy-body-for-nav" role="document"> |
| |
| <div class="wy-grid-for-nav"> |
| |
| |
| |
| <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"> |
| |
| |
| |
| |
| |
| <div class="wy-nav-content"> |
| <div class="rst-content"> |
| <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article"> |
| <div itemprop="articleBody"> |
| |
| <div class="section" id="security-best-practices"> |
| <h1>Security best practices<a class="headerlink" href="#security-best-practices" title="Permalink to this headline">¶</a></h1> |
<p>There are a number of actions you should take to ensure that your app is
secure before you put it into production. The following is not an
exhaustive list, but it offers some common best practices you should
consider following to keep your app secure when using Usergrid.</p>
| <div class="section" id="never-use-the-sandbox-for-a-production-app"> |
| <h2>Never use the ‘sandbox’ for a production app<a class="headerlink" href="#never-use-the-sandbox-for-a-production-app" title="Permalink to this headline">¶</a></h2> |
<p>By default, every new Usergrid account has an app named “sandbox” that
is already created under your new organization. This app is no different
from any other app that you might create, except that the Guest role has
been given full permissions (that is, /** for GET, POST, PUT, and
DELETE). This eliminates the need for a token when making application
level calls, and can make it much easier to get your app up and running;
however, it also means that any data in the sandbox application is
completely unsecured.</p>
| <p>As with any other app, you can secure the sandbox application by |
| updating its roles and permissions. For more on working with permissions |
| and roles, see <a class="reference external" href="using-permissions.html">Using Permissions</a>.</p> |
| </div> |
| <div class="section" id="review-permissions-in-your-apps"> |
| <h2>Review permissions in your apps<a class="headerlink" href="#review-permissions-in-your-apps" title="Permalink to this headline">¶</a></h2> |
| <p>Prior to launching your app into a production environment, it is |
| advisable to review all the roles and permissions you have set up, as |
| well as the groups and users you have assigned those permissions and |
| roles to. During development, you may find that you added various |
| permissions which may or may not still be required once the app is |
| complete. Review all permissions and delete any that are no longer |
| required.</p> |
<p>Prior to taking your app live, you should secure it by removing any
unnecessary Guest permissions. (See <a class="reference external" href="using-permissions.html">Using
Permissions</a> for further information about
setting permissions.) After you secure the app, any calls to the
API will need to include an OAuth token. OAuth tokens (also called
access tokens) are returned by the API in response to successful
authentication calls. Your app saves the token and uses it for all
future calls during that session. Learn more about access tokens in
<a class="reference external" href="authenticating-users-and-application-clients.html">Authenticating users and application clients</a>.</p>
| </div> |
| <div class="section" id="edit-the-default-role"> |
| <h2>Edit the ‘default’ role<a class="headerlink" href="#edit-the-default-role" title="Permalink to this headline">¶</a></h2> |
| <p>When preparing an application for production use, a good first step is |
| to edit permission rules for the Default role. The permissions in this |
| role will be applied to every user who authenticates with a valid access |
| token.</p> |
| <p>For example, in the Default role, you will most likely first want to |
| remove the permission rule that grants full access to all authenticated |
| users:</p> |
| <div class="highlight-python"><div class="highlight"><pre>GET,PUT,POST,DELETE:/users/me/** |
| </pre></div> |
| </div> |
| <p>For more on roles, see <a class="reference external" href="using-permissions.html">Using Permissions</a>.</p> |
<p><strong>Review test accounts.</strong> If you created any test user or test administrator
accounts during development, these should also be reviewed for relevancy
and security. Delete any test accounts that are no longer needed. If
these accounts are still needed, make sure that passwords have been
secured to the standards required by your app.</p>
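<p>The following is an added example, not code from the Usergrid project: a small evaluator for permission rules in the form shown above (<code>&lt;ops&gt;:&lt;path&gt;</code>, with <code>*</code> matching one path segment and <code>**</code> the rest of the path), used to compare the sandbox Guest rule, the stock Default rule, and a reviewed Default role from the three sections above. The rule sets and the review heuristic are constructed for this example.</p>

```python
# Added example, not part of the Usergrid docs: a small evaluator for
# Usergrid-style permission rules ("<ops>:<path>", where "*" matches one
# path segment and "**" matches the rest of the path). It shows why the
# sandbox Guest rule and the stock Default rule are too broad, and what a
# pre-launch review should flag. Rule sets below are constructed.
import re


def parse_rule(rule):
    """Split 'get,put:/users/me/**' into ({'GET', 'PUT'}, '/users/me/**')."""
    ops, _, path = rule.partition(":")
    return {op.strip().upper() for op in ops.split(",")}, path.strip()


def path_matches(pattern, path):
    """Translate the wildcard path into a regex and test the request path."""
    regex = "".join(
        ".*" if part == "**" else "[^/]+" if part == "*" else re.escape(part)
        for part in re.split(r"(\*\*|\*)", pattern)
    )
    return re.fullmatch(regex, path) is not None


def is_allowed(rules, verb, path):
    """True if any rule grants this verb on this path (rules are additive)."""
    return any(verb.upper() in ops and path_matches(pat, path)
               for ops, pat in map(parse_rule, rules))


def overbroad_rules(rules):
    """Flag rules that grant every verb, or anything on the whole app ('/**').
    Heuristic for this example; tighten it to your own data model."""
    all_verbs = {"GET", "POST", "PUT", "DELETE"}
    return [r for r in rules
            if parse_rule(r)[0] >= all_verbs or parse_rule(r)[1] == "/**"]


# Guest role as shipped in the 'sandbox' app: full access without a token.
SANDBOX_GUEST = ["get,post,put,delete:/**"]
# Stock Default rule the page says to remove before going live.
STOCK_DEFAULT = ["GET,PUT,POST,DELETE:/users/me/**"]
# A reviewed Default role: own record read/write, catalogue read, order create.
REVIEWED_DEFAULT = ["get,put:/users/me/**", "get:/products/*", "post:/orders"]

if __name__ == "__main__":
    for name, rules in [("sandbox", SANDBOX_GUEST), ("stock", STOCK_DEFAULT),
                        ("reviewed", REVIEWED_DEFAULT)]:
        print(name, "DELETE /users/alice ->",
              is_allowed(rules, "DELETE", "/users/alice"),
              "| flagged:", overbroad_rules(rules))
```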
| </div> |
| <div class="section" id="use-https"> |
| <h2>Use https<a class="headerlink" href="#use-https" title="Permalink to this headline">¶</a></h2> |
| <p>Make sure that any calls you make to the API are done using the secure |
| https protocol, and not the insecure http protocol.</p> |
| <p>If your app is a web app, that is, an app served by a web server, make |
| sure that the app is served using https.</p> |
| </div> |
| <div class="section" id="acquire-access-tokens-in-a-secure-way"> |
| <h2>Acquire access tokens in a secure way<a class="headerlink" href="#acquire-access-tokens-in-a-secure-way" title="Permalink to this headline">¶</a></h2> |
<p>There are various methods for acquiring an access token (see
<a class="reference external" href="authenticating-users-and-application-clients.html">Authenticating users and application
clients</a>). One
method is to use the application or organization level client
secret-client id combination. This method should not be used in client
applications (that is, apps that are deployed to a device, and which
authenticate and make calls against the API).</p>
| <p>That’s because a hacker could analyze your app (even a compiled, binary |
| distribution of your app), and retrieve the secret-id combination. Armed |
| with this information, an attacker could gain full access to the data in |
| your account.</p> |
| <p>Instead, use application user credentials. This means that your app’s |
| users should provide a username and password. Your app would use these |
| to authenticate against the API and retrieve an access token.</p> |
| <p>The client secret-client id combination should be used only in secure, |
| server-side applications where there is no possibility of a hacker |
| gaining control of the credentials.</p> |
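<p>The following is an added example, not code from the Usergrid project, with two checks for the advice in this section: a token-request builder that allows the client secret-client id grant only for server-side code, and a pre-release scan of a client build for embedded credentials. The request body shape follows the Usergrid token endpoint (<code>POST /{org}/{app}/token</code>); the build artifacts and the secret patterns are constructed assumptions for this example.</p>

```python
# Added example, not part of the Usergrid docs. Two checks for the advice
# above: build_token_body() lets the client_credentials grant be used only by
# server-side code, and find_embedded_secrets() is a pre-release scan of a
# client build for credentials that should never ship. The body shape follows
# the Usergrid token endpoint (POST /{org}/{app}/token); the build artifacts
# and the secret patterns are constructed for this example.
import json
import re

CLIENT_SIDE_TARGETS = {"mobile", "browser", "desktop"}


def grant_allowed(grant, target):
    """Policy: client_id/client_secret stay on the server; everything that
    runs on a user's device authenticates as an application user."""
    return grant == "password" or target not in CLIENT_SIDE_TARGETS


def build_token_body(grant, target, **creds):
    """Return the JSON body of a token request, or raise if the grant is
    not permitted for the deployment target."""
    if not grant_allowed(grant, target):
        raise ValueError("%s grant must not be used in a %s app" % (grant, target))
    if grant == "password":
        body = {"grant_type": "password",
                "username": creds["username"], "password": creds["password"]}
    elif grant == "client_credentials":
        body = {"grant_type": "client_credentials",
                "client_id": creds["client_id"], "client_secret": creds["client_secret"]}
    else:
        raise ValueError("unsupported grant_type: %s" % grant)
    return json.dumps(body, sort_keys=True)


# Fragments that indicate organization/application credentials were compiled
# into a client. Heuristic patterns for this example, not a Usergrid format.
SECRET_PATTERNS = [
    re.compile(rb"client_secret\s*[=:]\s*['\"]?[A-Za-z0-9_\-]{8,}"),
    re.compile(rb"grant_type\s*[=:]\s*['\"]?client_credentials"),
]


def find_embedded_secrets(artifact):
    """Scan the raw bytes of a build (binary, minified JS, config) and return
    the matching fragments; an empty list means nothing was found."""
    return [m.group(0).decode("latin-1")
            for pat in SECRET_PATTERNS for m in pat.finditer(artifact)]


# Constructed stand-ins for a compiled mobile build.
BAD_BUILD = (b"\x7fELF\x00\x00grant_type=client_credentials&client_id=APP_ID"
             b"&client_secret=APP_SECRET_12345\x00\xff")
GOOD_BUILD = b"\x7fELF\x00\x00grant_type=password&username=\x00\xff"

if __name__ == "__main__":
    print(build_token_body("password", "mobile", username="alice", password="pw"))
    print("bad build:", find_embedded_secrets(BAD_BUILD))
    print("good build:", find_embedded_secrets(GOOD_BUILD))
```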
| </div> |
| <div class="section" id="treat-mobile-clients-as-untrustworthy"> |
| <h2>Treat mobile clients as untrustworthy<a class="headerlink" href="#treat-mobile-clients-as-untrustworthy" title="Permalink to this headline">¶</a></h2> |
| <p>For mobile access, it is recommended that you connect as an application |
| user with configured access control policies. Mobile applications are |
| inherently untrusted because they can be easily examined and even |
| decompiled.</p> |
| <p>Any credentials stored in a mobile app should be considered secure only |
| to the Application User level. This means that if you don’t want the |
| user to be able to access or delete data in your Usergrid application, |
| you need to make sure that you don’t enable that capability through |
| roles or permissions. Because most web applications talk to the database |
| using some elevated level of permissions, such as root, it’s generally a |
| good idea for mobile applications to connect with a more restricted set |
| of permissions. For more information on restricting access through |
| permission rules, see <a class="reference external" href="using-permissions.html">Using Permissions</a>.</p> |
| </div> |
| </div> |
| |
| |
| </div> |
| </div> |
| <footer> |
| |
| |
| <div role="contentinfo"> |
| <p> |
| © Copyright 2013-2015, Apache Usergrid. |
| |
| </p> |
| </div> |
| |
| </footer> |
| |
| </div> |
| </div> |
| |
| </section> |
| |
| </div> |
| |
| |
| |
| |
| |
| <script type="text/javascript"> |
| var DOCUMENTATION_OPTIONS = { |
| URL_ROOT:'../', |
| VERSION:'2.x', |
| COLLAPSE_INDEX:false, |
| FILE_SUFFIX:'.html', |
| HAS_SOURCE: true |
| }; |
| </script> |
| <script type="text/javascript" src="../_static/jquery.js"></script> |
| <script type="text/javascript" src="../_static/underscore.js"></script> |
| <script type="text/javascript" src="../_static/doctools.js"></script> |
| |
| |
| |
| |
| |
| <script type="text/javascript" src="../_static/js/theme.js"></script> |
| |
| |
| |
| |
| <script type="text/javascript"> |
| jQuery(function () { |
| SphinxRtdTheme.StickyNav.enable(); |
| }); |
| </script> |
| |
| |
| </body> |
| </html> |