secure connection from mobile device to application server - security

I am after a little bit of help.
I have a mobile application that currently runs on both iOS and Android. This application uses in-house APIs to do most of the back-end work.
I have a need to start using some legacy services that sit within the back-end servers in my company.
I have proposed that we use a new application server that will sit in the DMZ; this will run an application that will contact the services and get me the data I need.
My question is: how can I ensure that the connection from the mobile device to this application server is secure? What protocol should I use?
Thanks in advance.

If the Application Server exposes an HTTP-based endpoint which the Mobile app calls, then it can be secured by SSL. Based on the flavor of your Application Server, look into how to set up an SSL endpoint, and your mobile app can then talk to the SSL-enabled HTTP endpoint (HTTPS).

Related

Refresh Data Locally on Server database changes

How to refresh local data automatically when server data changes in Azure Mobile App (Android)? Right now I'm using a timer that refreshes my server request, but this approach is not satisfactory as my app keeps on sending requests to Azure. What is the best approach for doing this? I also tried to understand one of the answers on Stack Overflow based on exponential back-off delay but failed to understand it. Kindly just guide me on this.
For communicating server-side updates to client apps, use SignalR.
Here's some guidance on using it with Azure Mobile Apps: Real-time with ASP.NET SignalR and Azure Mobile .NET Backend
We just released an update for Azure Mobile Services .NET backend which enables you to use ASP.NET SignalR for real-time, bi-directional communications with your mobile applications. SignalR will use WebSockets under the covers when it's available, and fall back to other “techniques” (i.e. HTTP hacks 😉) when it isn't. Regardless of the mode, your application code stays the same.

App authentication with WebApi on External Servers

We're looking into writing a mobile app for our company and have a concern as to the infrastructure of how the application will connect with our data.
Our current structure for our web applications is as follows:
We have an App server which holds our .NET sites, this is externally facing (obviously)
These .NET sites interact with our API server (which is only accessible by anything on our App server), so this is only internally accessible.
A mobile app will not be on our servers, but it will still need to be able to access our APIs. What would be the best course of action to be able to still maintain a level of securing our data in our APIs while being able to have them externally accessible by a mobile app or any other app that would need data from it?
My initial thoughts would be some sort of API key system, or perhaps API users?
Thanks!
You should encrypt your API with SSL. You can also use an API management solution. There are some open source options such as: http://wso2.com/products/api-manager/ and Apigility https://apigility.org/

RabbitMQ security in mobile app

I am using the RabbitMQ broker in one of the mobile apps that we are developing, and I am a bit puzzled about security aspects. We are using cloud-hosted RabbitMQ and the hosting platform has given us a user name and password (which have been changed since), and we are using an SSL connection, so I'm not so much worried about MITM or eavesdropping.
My concern is that anybody who knows the host and port can make a connection to RabbitMQ. Since we have a mobile app, we are storing the RabbitMQ user name and password on the device (although encrypted), so I guess that anybody who gets physical access to the device and somehow decrypts the username and password can log in to RabbitMQ, and once you are logged in you can pretty much do anything on RabbitMQ, like deleting queues, etc.
How are MQs like RabbitMQ used in a mobile environment? Is there a better / more secure way of using RabbitMQ?
In my experience, it is best to not have your mobile app connect to rabbitmq directly. Use a web server in between the app and RabbitMQ. Have your mobile app connect to your web server via HTTP based API calls. The web server will connect to RabbitMQ, and you won't have to worry about the mobile app having the connection information in it.
There are several advantages of this, on top of the security problem:
better management of RabbitMQ connections
easier to scale number of mobile users
ability to add more logic and processing to the back-end, as needed, without changing the mobile app
Creating a connection to RabbitMQ is an expensive operation. It requires a TCP/IP connection. Once that connection is open it stays open until you close it. If you open a connection from your mobile app and leave it open, you are reducing the number of available connections to RabbitMQ. If you open and close the connection quickly, you are inducing a lot of extra cost in creating and closing the connections constantly.
With a web server in the middle, you can open a single connection and have it manage multiple mobile devices. The web server will handle the HTTP requests and use the one connection to RabbitMQ to push messages to it.
Since an HTTP web request is a short-lived connection, you'll be able to handle more users in a short period of time than you would with direct RabbitMQ connections.
This ultimately leads to better scalability, as you can add another web server to handle thousands more mobile app instances while only adding one new RabbitMQ connection.
This also lets you add middle-tier logic inside of the web server. You can add additional layers of processing as needed, without changing the mobile app. Change the web server code and redeploy as needed.
If you must do this without a server in the middle, you likely won't be able to get around the security issue that you're having. The mobile device will contain the necessary information to make the connection.
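The gateway pattern from this answer, and the API-key idea from the earlier question about exposing internal APIs to a mobile app, in code. This is an added example, not code from any of the answerers: a small HTTP gateway that authenticates devices with a per-device bearer token, exposes only a narrow "publish" operation, and holds the one broker connection itself, so the app never carries broker credentials and cannot delete queues even with a stolen token. The device tokens, the allowlist of exchange/routing keys and the in-memory broker stand-in (in place of a real RabbitMQ client such as pika) are all constructed for the example.

```python
import hmac
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed per-device bearer tokens, issued by the back end at enrolment.
# The device holds one of these, never the broker's user name and password.
DEVICE_TOKENS = {
    "tok-3f9a": "tablet-001",
    "tok-81c2": "tablet-002",
}

# Constructed allowlist: the only exchange/routing keys a device may publish to.
ALLOWED_PUBLISH = {"mobile.events": {"telemetry", "checkin"}}


class InMemoryBroker:
    """Stand-in for the single long-lived RabbitMQ connection the gateway
    would hold; it just records messages so the demo runs offline."""

    def __init__(self):
        self._lock = threading.Lock()
        self.messages = []  # (exchange, routing_key, body)

    def publish(self, exchange, routing_key, body):
        with self._lock:
            self.messages.append((exchange, routing_key, body))


BROKER = InMemoryBroker()


def authenticate(auth_header):
    """Map an 'Authorization: Bearer <token>' header to a device id, or None."""
    if not auth_header or not auth_header.startswith("Bearer "):
        return None
    presented = auth_header[len("Bearer "):]
    for token, device in DEVICE_TOKENS.items():
        if hmac.compare_digest(presented, token):  # constant-time comparison
            return device
    return None


class GatewayHandler(BaseHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo quiet
        pass

    def do_POST(self):
        device = authenticate(self.headers.get("Authorization"))
        if device is None:
            return self.send_error(401)
        if self.path != "/publish":  # no route exists for queue deletion etc.
            return self.send_error(404)
        try:
            length = int(self.headers.get("Content-Length", "0"))
            msg = json.loads(self.rfile.read(length))
            exchange, key, body = msg["exchange"], msg["routing_key"], msg["body"]
        except (ValueError, KeyError, TypeError):
            return self.send_error(400)
        if key not in ALLOWED_PUBLISH.get(exchange, ()):
            return self.send_error(403)
        # Stamp the sender identity server-side so devices cannot spoof each other.
        BROKER.publish(exchange, key, {"device": device, "payload": body})
        self.send_response(202)
        self.send_header("Content-Length", "0")
        self.end_headers()


def post(url, token, payload):
    """Send one JSON request as the mobile app would; return the HTTP status."""
    req = urllib.request.Request(url, data=json.dumps(payload).encode(),
                                 method="POST",
                                 headers={"Content-Type": "application/json"})
    if token:
        req.add_header("Authorization", "Bearer " + token)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def run_demo():
    """Start the gateway on a loopback port and exercise it; return the outcomes."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), GatewayHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_address[1]
    ok_msg = {"exchange": "mobile.events", "routing_key": "telemetry", "body": {"battery": 71}}
    bad_msg = {"exchange": "mobile.events", "routing_key": "admin.purge", "body": {}}
    results = {
        "no_token": post(base + "/publish", None, ok_msg),
        "bad_token": post(base + "/publish", "tok-0000", ok_msg),
        "allowed_publish": post(base + "/publish", "tok-3f9a", ok_msg),
        "disallowed_key": post(base + "/publish", "tok-3f9a", bad_msg),
        "no_such_route": post(base + "/queues/delete", "tok-3f9a", {}),
    }
    server.shutdown()
    server.server_close()
    results["delivered"] = list(BROKER.messages)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The point to take from the outcomes is that the broker only ever sees what the gateway chose to forward: a request with no or a wrong token is refused, an unlisted routing key is refused, and there is simply no URL that maps to a queue-management operation. Revoking a device means deleting one token on the server, not rotating the broker password on every phone.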

Apps on Bluemix and Apps on Softlayer

I have an application running on Bluemix CF and another (client) application running on Softlayer (but does not matter, it could be on any other external data center).
I need the two applications to communicate together (TCP/HTTPS) with bi-directional communication.
If I install the Secure Gateway client on the Softlayer data center, can I get a bi-directional channel?
Or should I use another service? I have a firewall on Softlayer so maybe I could use a firewall on Bluemix too to filter the entering IP addresses? But did not see any firewall service.
You probably want to have a look at the Vyatta service on Softlayer
http://www.softlayer.com/network-appliances
You should be able to use this as a secure gateway to limit what can talk to your Softlayer app to only traffic coming from Bluemix (it may take a little trial and error to work out the external range for Bluemix).
If your application on Softlayer is protected with an SSL/TLS connection then you should be able to have both directions protected by a suitable level of encryption (Bluemix apps get HTTPS by default).

Restrict Web App Access to a set of tablet computers

A client has asked for additional security for a web app which would allow only company owned and approved tablet computers (brand not yet known) to connect to a PHP web app.
The app will be un/pw protected but the company would like to prevent all access except via the tablets.
MAC addresses would be great for this, but these will be used in the field and use a MiFi portable Wi-Fi to connect to the server, so the MAC address will not be available.
Can anyone point me to a sound method for this secondary validation?
Your best solution here would be to deploy mutually-authenticated SSL between your client tablets and your server. You can use self-signed certificates here so you don't need to buy any from a CA. This will ensure that your server only accepts requests from tablets that have the client-side certificate (configure your server to only accept the self-signed client certificates deployed on your tablets for client authentication).
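The mutually-authenticated TLS setup from this answer, and the plain HTTPS-with-server-verification point from the first answer on the page, as one runnable example. This is an added example, not code from either answerer: it builds the self-signed server and tablet certificates with the `openssl` command line (assumed to be installed; nothing is bought from a CA), runs a loopback TLS server that requires a client certificate matching the one deployed on the tablets, and then connects once without a device certificate and once with it. The certificate names, the "tablet-001" identity and the loopback server standing in for the PHP web app's front end are all constructed for the demo.

```python
import os
import shutil
import socket
import ssl
import subprocess
import tempfile
import threading


def make_self_signed(workdir, name, cn, san=None):
    """Create a self-signed certificate and key with the openssl CLI (assumed present)."""
    if shutil.which("openssl") is None:
        raise RuntimeError("openssl CLI not found; cannot generate demo certificates")
    key = os.path.join(workdir, name + ".key")
    crt = os.path.join(workdir, name + ".crt")
    cmd = ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
           "-subj", "/CN=" + cn, "-keyout", key, "-out", crt]
    if san:  # the server certificate needs a SAN so the client can check the hostname
        cmd += ["-addext", "subjectAltName=" + san]
    subprocess.run(cmd, check=True, capture_output=True)
    return crt, key


def server_context(server_crt, server_key, trusted_client_crt):
    """Server side: present our certificate and require a client certificate that
    is (or chains to) the certificate deployed on the tablets."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(server_crt, server_key)
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails if no client cert is sent
    ctx.load_verify_locations(cafile=trusted_client_crt)
    return ctx


def client_context(trusted_server_crt, client_crt=None, client_key=None):
    """Tablet side: verify the server against its pinned self-signed certificate
    (CERT_REQUIRED and hostname checking are the defaults for TLS_CLIENT) and,
    if enrolled, present the device certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_verify_locations(cafile=trusted_server_crt)
    if client_crt:
        ctx.load_cert_chain(client_crt, client_key)
    return ctx


def serve(listener, ctx, attempts, outcomes):
    """Accept a fixed number of connections; greet authenticated tablets by their CN."""
    for _ in range(attempts):
        try:
            conn, _ = listener.accept()
            conn.settimeout(5)
            with ctx.wrap_socket(conn, server_side=True) as tls:  # handshake happens here
                subject = dict(rdn[0] for rdn in tls.getpeercert()["subject"])
                tls.recv(1024)  # consume the request before replying
                tls.sendall(b"hello " + subject["commonName"].encode())
            outcomes.append("accepted")
        except OSError:  # ssl.SSLError is an OSError, e.g. "peer did not return a certificate"
            outcomes.append("rejected")


def connect(port, ctx):
    """One tablet request; returns the server's reply or 'rejected'."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw, \
                ctx.wrap_socket(raw, server_hostname="localhost") as tls:
            tls.sendall(b"ping")
            reply = tls.recv(1024)  # with TLS 1.3 a missing client cert surfaces here
            return reply.decode() if reply else "rejected"
    except OSError:
        return "rejected"


def run_demo():
    with tempfile.TemporaryDirectory() as workdir:
        server_crt, server_key = make_self_signed(workdir, "server", "localhost", "DNS:localhost")
        client_crt, client_key = make_self_signed(workdir, "tablet-001", "tablet-001")
        listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        listener.settimeout(10)
        listener.bind(("127.0.0.1", 0))
        listener.listen(5)
        port = listener.getsockname()[1]
        seen = []
        srv = server_context(server_crt, server_key, client_crt)
        worker = threading.Thread(target=serve, args=(listener, srv, 2, seen), daemon=True)
        worker.start()
        results = {
            "without_client_cert": connect(port, client_context(server_crt)),
            "with_client_cert": connect(port, client_context(server_crt, client_crt, client_key)),
        }
        worker.join(timeout=15)
        listener.close()
        results["server_saw"] = seen
        return results


if __name__ == "__main__":
    print(run_demo())
```

Two details matter in practice. The server trusts the tablet certificate itself via `load_verify_locations`, which is the "only accept the self-signed client certificates deployed on your tablets" configuration the answer describes; in a larger fleet you would instead sign each device certificate with a private CA and load that CA, so revocation does not require touching the server trust store per device. And because TLS 1.3 finishes the client's side of the handshake before the server has evaluated the certificate, a client without a certificate may see the rejection on its first read rather than on `wrap_socket`, which is why the client treats any error or empty read as a refused connection.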
