Skip to main content

Security in M.App Enterprise

POSTED: | UPDATED: | by Stefan Schüttenkopf

Welcome to our latest blog post. As we traverse deeper into the digital era, the software landscape continues to burgeon at an unprecedented pace. Each technological stride is met with a surge of possibilities that shape how we live, work, and interact. However, with each new software application comes a corresponding potential vulnerability. This is where the intrinsic intertwining of software development and security takes center stage.

Navigating through the complexities of cyberspace, there is one constant that remains on the frontline - security. It's the invisible knight guarding our software architecture, the unsung hero often underestimated until a crisis surfaces. Security is not just a feature or an afterthought — it is an integral part of the software ecosystem that demands our undivided attention.

In this blog post, we are pulling back the curtain to delve into the critical realm of software security. We'll explore its significance, the consequences of underestimation, and the best recommended practices to build a fortified software environment. Whether you are a seasoned developer, an entrepreneur venturing into the digital world, or just a conscious user, this piece is an insightful guide into the intense, intriguing world of software security. Welcome aboard as we embark on this cybersecurity journey.

Securing the web.config

Web Applications like M.App Enterprise use Connection Strings to connect to a database with certain credentials. This means the connection with Username U, Password P, Database Server H and Database name D are stored in plain text in a file - in this case the web.config. That could be a security concern for your (production) environment. This is why the connection strings should be encrypted. The following example describes the process for a single-server setup:
  • Run Command Prompt as Administrator (⊞ + R then enter cmd in the textfield)
  • Go to C:\Windows\Microsoft.NET\Framework\v4.0.30319
  • Perform the command below to encrypt the connection string in your web.config: ASPNET_REGIIS -pef "connectionStrings" "INSTALLDIR_OF_MAE"
  • Open web.config and check if the connection string is encrypted
  • If you want to decrypt it back, run this command:
    ASPNET_REGIIS -pdf "connectionStrings" "INSTALLDIR_OF_MAE"
  • Open the web.config and check if the connection string is decrypted

For more information have a look at this article:

Connection string encryption and decryption
The connection strings are mostly stored in web.config. It means that connection specific information such as database name, username, and password are stored…

Securing Apps

You have also different options, when it comes to securing the Applications of M.App Enterprise. First we have to differentiate between using the built-in tools of M.App Enterprise and using external tools, like roles from Active Directoy and so on.

When securing M.App Enterprise with the built-in tools:

  • Password Pattern
  • 2FA

More details of how to set-up your security please have a look at the following posts:

Lesson 7: Creating Users and Claims
Users When we have a look at the hierarchy of users in M.App Enterprise (see following screenshot) - the users spoken of here are at the part called Apps, which means the M.App Enterprise Studio Administrator is creating one or more users and assign the users to specific
How to setup “Two factor authentication”
In this short tutorial we guide you through the necessary steps to secure your application even further What is Two-factor authentication? 2FA is a security mechanism, where you have to provide your passwort plus a second piece of evidence - in most of the cases via mobile phone. M.App

When securing M.App Enterprise with the external tools:

  • SSO with Roles / Users coming from the Active Directory provider