Dear All ,
Thank you so much for your support as always ….
Could you please give some idea about security and performance considerations while developing an IFS Aurena Client page.
Thanks in Advance
Regards:
Vishwajeet Chaudhary
Solved
IFS Aurena development Security Considerations
+2Best answer by haetse
As Vishwajeet wrote, many of the lower level technical security issue types are handled by the frameworks and as an Aurena/Marble developer don’t need to worrya about.
This include (but is not an exhaustive list) (from the OWASP Top Ten https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf)
- Authentication
- CSRF, XXE, XSS
- Parts of access control
Security related issues that you do need to consider when doing Aurena/Marbe development are
- Injections, especially SQL injections. Beware of dynamic SQL commands like EXECUTE IMMEDIATE, and/or dbms_sql
- Insecure direct object references, missing “row level access” and lack of access control of unbound actions.
Example: Apply a filter on the client side, but leaving the server (projection) with completely open API.
Also, adding “enabled” control on the client side but not do the same check in the API.
IFS Developer Studio contains assistance for possible security vulnerability scenarios such as SQL Injections and lack of access checks on unbound actions
+32Hi,
That’s a very broad question for anyone to give a meaningful answer to, without writing a whole essay :) Do you have anything particular in mind here? Security, in general, is handled by the Aurena framework and it is nothing you need to think about (of course, depending on what you mean by security). As for performance, well, don’t do server calls that are expensive and you will be fine :)
How much do you know right now about Aurena development? If you have some more specific questions, perhaps we can help out.
/Mathias
+2Hi ,
Thanks for your response.
You can consider me as a beginner in the Aurena developments. This is regarding when we are developing a Aurena Client page,
Security Considerations like: Secure authentication, Http protocols, and Token validation
Thanks in advance
+32Vishwajeet wrote:
Hi ,
Thanks for your response.
You can consider me as a beginner in the Aurena developments. This is regarding when we are developing a Aurena Client page,
Security Considerations like: Secure authentication, Http protocols, and Token validation
Thanks in advance
As a developer of Aurena pages, I would say you can ignore all of that and concentrate on the feature you want to develop. The Aurena framework will make sure that all of that is good.
/Mathias
As Vishwajeet wrote, many of the lower level technical security issue types are handled by the frameworks and as an Aurena/Marble developer don’t need to worrya about.
This include (but is not an exhaustive list) (from the OWASP Top Ten https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf)
- Authentication
- CSRF, XXE, XSS
- Parts of access control
Security related issues that you do need to consider when doing Aurena/Marbe development are
- Injections, especially SQL injections. Beware of dynamic SQL commands like EXECUTE IMMEDIATE, and/or dbms_sql
- Insecure direct object references, missing “row level access” and lack of access control of unbound actions.
Example: Apply a filter on the client side, but leaving the server (projection) with completely open API.
Also, adding “enabled” control on the client side but not do the same check in the API.
IFS Developer Studio contains assistance for possible security vulnerability scenarios such as SQL Injections and lack of access checks on unbound actions
+8Hello,
Is there any way to make a POST call to IFS API from another application. I already have the token access. But when I make a POST call there is always CSRF_ERROR
For example I want to post Transport Task from outside IFS10 Apps, using this API
thanks
- bhakti
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.