DreamFactory Services Platform (DSP)
was designed from the beginning to be a very secure way for an
enterprise customer to host mobile applications. This blog post covers
security benefits on the server side and at the client, and towards the
end we discuss the advantages of our user roles and permissions system.
From the server side, you can install a DSP on your own cloud
computer or data center. The DSP software package includes a complete
LAMP Stack with PHP and a dedicated MySQL database that can be installed
on any Linux virtual machine. This allows a company to use the same
deployment and management practices for a DSP that they are already
using for other applications. They can monitor usage, make backups,
control cost, configure firewalls, and deploy applications with familiar
tools and systems.
The open source nature of the DSP code base
is also designed for security. An open source product has "many eyes" on
the code base. We have signed up for third party security audits as
well. DreamFactory Software has a team of engineers adding new features
and looking for security problems on a regular basis. The latest version
of the software is available from us at various cloud marketplaces.
Since we are not hosting your application, there is no risk of
DreamFactory losing your data. You do not need to worry about how we
manage our data center, or how we keep your data separate from other
customers.
There are aspects of the service architecture that
also lend themselves to security. The service architecture has a single
point of entry, so all service calls pass through this gateway. We have
written the code in the latest version of PHP, the most widely used web
programming framework in the world. The use of PHP helps with issues
like buffer overrun attacks. The SQL interface completely decomposes and
recomposes all query strings to prevent SQL injection attacks as well.
When
a user signs on to a DSP they receive a session ID, which is securely
managed as a browser cookie in an HTML5 application, or as a transient
local variable in a native application. All network transactions are
conducted over HTTPS, thus adding the security capabilities of SSL/TLS
to standard HTTP communications. The DSP also implements cross-origin
resource sharing (CORS) support and a white list that controls which
domains can use the platform. This enables any website or domain to use
the platform services if desired. By default CORS support is turned off
and the services are only available from the originating host.
The
DSP service interface enables automated or manual data synchronization
with other databases or external partners as needed. A special user role
could be created for the DSP that grants access only to required
database objects. This allows an enterprise to construct a "data
firewall" where sensitive data can be moved in or out of the DSP as
needed. This data is exposed to mobile users, so even if the DSP
database is compromised, there would be no way to gain access to the
master database.
From the client side, each DSP comes with a
complete and comprehensive services palette. This makes your mobile
application somewhat future proof: there is no need to re-engineer the
backend services for every new feature at the client. Our user
management features are also very extensive. Single sign-on, user roles,
guest users, open registration, password resets, email services, email
templates, and password hashing are all carefully implemented.
One
special security feature for users is that administrative updates to
user roles and permissions are instantly reflected in the current
session. For example, if a user is inactivated his session becomes
invalid immediately. This provides a more secure environment for people
entering or leaving the company and for lost devices or security
breaches.
Each DSP also contains some high level security
features for controlling which users see which data, services, and
applications. This is very useful for segmenting the user base with
different roles. The information that a sales or marketing person might
see can be different from a project manager or company executive. This
capability implements a higher level of security that prevents
accidental data loss or disclosure of sensitive information.
Multiple
applications can be hosted on a single DSP, and the administrator can
create user roles to control which users see which applications. For
example, a project manager would see a Gantt chart application,
individual contributors would see a project calendar, and executives
would see a report generator. The entire suite of visible applications
can be adjusted based on appropriate user interest and role.
User
roles also control what database objects are visible. This enables
people to use the same application in different ways. For example, some
people might see all data as read only, while others have the rights to
create or delete data. The application can detect these permissions for a
particular object at runtime and make various options available or
inactive as needed. This capability also allows information to be hidden
from certain groups. For example, individual sales people might not
have access to salary information, while this data might be available
for managers or executives.
Roles have the ability to enable or
disable individual services as well. This controls access to 3rd party
services that have been integrated with the DSP. One popular service is
BLOB storage, these are binary documents stored locally on the DSP
server or remotely in S3 or Azure. Each service can specify the external
credentials to the service and also the access root of the folder tree.
This enables each user role fine grained access to multiple document
repositories.
The services have another useful capability.
Various URL parameters and HTTP headers can be specified in the service
object. This information is entered by an administrator and securely
stored on the DSP server. Once the user enters their single sign-on
credentials, they have controlled access to these external services as
enabled by their user role. This capability removes the need for the
client application at runtime to store any master credentials to
external services. Another benefit of this architecture is that external
services can be activated, deactivated, or redirected without changing
client software.
Offshore Mobile Application Development