Security in M.App Enterprise
by Stefan Schüttenkopf
Welcome to our latest blog post. As we traverse deeper into the digital era, the software landscape continues to burgeon at an unprecedented pace. Each technological stride is met with a surge of possibilities that shape how we live, work, and interact. However, with each new software application comes a corresponding potential vulnerability. This is where the intrinsic intertwining of software development and security takes center stage.
Navigating through the complexities of cyberspace, there is one constant that remains on the frontline - security. It's the invisible knight guarding our software architecture, the unsung hero often underestimated until a crisis surfaces. Security is not just a feature or an afterthought — it is an integral part of the software ecosystem that demands our undivided attention.
In this blog post, we are pulling back the curtain to delve into the critical realm of software security. We'll explore its significance, the consequences of underestimation, and the best recommended practices to build a fortified software environment. Whether you are a seasoned developer, an entrepreneur venturing into the digital world, or just a conscious user, this piece is an insightful guide into the intense, intriguing world of software security. Welcome aboard as we embark on this cybersecurity journey.
Securing the web.config
Web applications like M.App Enterprise use connection strings to connect to a database with certain credentials. This means the username U, password P, database server H and database name D are stored in plain text in a file, in this case the web.config.
That could be a security concern for your (production) environment. This is why the connection strings should be encrypted.
The following example describes the process for a single-server setup:
- Run Command Prompt as Administrator (⊞ + R then enter cmd in the textfield)
- Go to C:\Windows\Microsoft.NET\Framework\v4.0.30319
- Perform the command below to encrypt the connection string in your web.config:
  ASPNET_REGIIS -pef "connectionStrings" "INSTALLDIR_OF_MAE"
- Open web.config and check if the connection string is encrypted
- If you want to decrypt it back, run this command:
  ASPNET_REGIIS -pdf "connectionStrings" "INSTALLDIR_OF_MAE"
- Open the web.config and check if the connection string is decrypted
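One way to script the "open web.config and check" steps above, as an added example that is not part of the original post or of M.App Enterprise. The function name Test-ConnectionStringsEncrypted and both sample documents are constructed for illustration; the check relies on the configProtectionProvider attribute and EncryptedData element that ASPNET_REGIIS writes into an encrypted section.

```powershell
# Added example: classify the <connectionStrings> section of a web.config.
# Function name and sample documents are constructed for illustration.
function Test-ConnectionStringsEncrypted {
    param([Parameter(Mandatory)][xml]$Config)

    # local-name() keeps the lookup working if the file declares an XML namespace.
    $section = $Config.SelectSingleNode(
        "/*[local-name()='configuration']/*[local-name()='connectionStrings']")
    if ($null -eq $section) { return 'NoSection' }

    # configSource moves the section to another file, which must be checked instead.
    if ($section.GetAttribute('configSource')) { return 'External' }

    $provider  = $section.GetAttribute('configProtectionProvider')
    $encrypted = $section.SelectSingleNode("*[local-name()='EncryptedData']")
    # Any <add connectionString="..."> still present is readable plaintext.
    $plain     = $section.SelectNodes("*[local-name()='add'][@connectionString]")

    if ($plain.Count -gt 0)        { return 'Plaintext' }
    if ($provider -and $encrypted) { return 'Encrypted' }
    return 'Unknown'
}

# Constructed sample: section before running ASPNET_REGIIS -pef
$before = @'
<configuration>
  <connectionStrings>
    <add name="Sample" connectionString="Server=H;Database=D;User Id=U;Password=P;" />
  </connectionStrings>
</configuration>
'@

# Constructed sample: shape of the section after -pef (cipher text is a placeholder)
$after = @'
<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
</configuration>
'@

Test-ConnectionStringsEncrypted -Config $before
Test-ConnectionStringsEncrypted -Config $after
```

To check a real installation, load the file with Get-Content -Raw from INSTALLDIR_OF_MAE\web.config and pass the result as -Config.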
For more information have a look at this article:
Securing Apps
You also have different options when it comes to securing the Applications of M.App Enterprise.
First we have to differentiate between using the built-in tools of M.App Enterprise and using external tools, such as roles from Active Directory.
When securing M.App Enterprise with the built-in tools:
- Password Pattern
- 2FA
For more details on how to set up your security, please have a look at the following posts:
When securing M.App Enterprise with the external tools:
- SSO with Roles / Users coming from the Active Directory provider