How secure is your app?
Mendix applications are implemented by a large variety of companies to support numerous and varied business processes. All these different Mendix users share the critical need for their applications to be secure and accessible.
The Mendix App Platform handles key security aspects out of the box. For example, measures against front-end threats such as Cross-Site Scripting (XSS) and server-side threats such as SQL Injection and code execution are provided by the platform.
Mendix developers therefore do not need to build these technical countermeasures themselves for the model-driven parts of an app, because the platform provides them as a service. This does not mean that developers do not have to consider security at all: application-level authorization and access rights must be configured in the model by the developer, and the platform's built-in protections do not extend to code written outside the model, such as custom Java actions and custom widgets, which remain the developer's responsibility. This blog post gives you a set of best practices for managing application-level security and getting it right from the very start of your project.
The Basics
Application security has never been easier to manage within the Mendix App Platform. With just a few clicks, you can restrict each user to the information and the parts of the application that are relevant to them. Furthermore, with Mendix, security can be as granular as the business needs it to be.
As you may know, building an app in Mendix takes place in a project. A project has one of three security levels:
Off – When the security is off, there are no login requirements and the application is open
Prototype/demo – As the name suggests, this level is meant only for demos and prototypes. Page and microflow access are checked, so they must be configured for each user role, but entity (data) access is not enforced.
Production – Every access rule in the model is enforced, including entity access. This level is required to deploy an app to the Mendix Cloud and is the only level acceptable for an enterprise application that is used in production.
Project security sits above module security: at project level you define the user roles that are assigned to end users, and each user role is composed of a number of module roles. Keeping roles module-specific has two advantages: modules can be imported into and exported from projects with their security intact, and it is easier to reason about access for one small part of the app than for everything at once.
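To make the layering concrete, here is an added illustration of how a user role's effective access is the union of the module roles it bundles, plus a small audit that reports which user roles reach a sensitive microflow and through which module role. This is stand-alone Python written for this post, not the Mendix SDK or model API; the module, role, page and microflow names are constructed examples.

```python
# Added illustration of Mendix-style role layering: user roles (project level)
# bundle module roles, and access is the union over those module roles.
# Stand-alone model written for this post, not the Mendix SDK; all names below
# are constructed examples.
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Set, Tuple


@dataclass(frozen=True)
class ModuleRole:
    """A role defined inside one module: the pages and microflows it may use."""
    module: str
    name: str
    pages: FrozenSet[str] = frozenset()
    microflows: FrozenSet[str] = frozenset()

    def qualified(self, kind: str) -> Set[str]:
        # Qualify names with the module so two modules may reuse a page or
        # microflow name without the audit confusing them.
        return {f"{self.module}.{n}" for n in getattr(self, kind)}


@dataclass(frozen=True)
class UserRole:
    """A project-level role assigned to end users; it bundles module roles."""
    name: str
    module_roles: Tuple[ModuleRole, ...]


def effective_access(role: UserRole) -> Dict[str, Set[str]]:
    """Access granted to a user role is the union over its module roles."""
    pages: Set[str] = set()
    microflows: Set[str] = set()
    for mr in role.module_roles:
        pages |= mr.qualified("pages")
        microflows |= mr.qualified("microflows")
    return {"pages": pages, "microflows": microflows}


def audit_sensitive(roles: Iterable[UserRole],
                    sensitive: Set[str]) -> Dict[str, Dict[str, str]]:
    """Map each user role to the sensitive microflows it can reach, and to the
    module role that grants each one, so a reviewer sees where a grant comes
    from rather than only that it exists."""
    findings: Dict[str, Dict[str, str]] = {}
    for role in roles:
        hits = {}
        for mr in role.module_roles:
            for mf in mr.qualified("microflows") & sensitive:
                hits[mf] = f"{mr.module}.{mr.name}"
        if hits:
            findings[role.name] = hits
    return findings


# Constructed sample model (not from any real project)
VIEWER = ModuleRole("CustomerManagement", "Viewer",
                    pages=frozenset({"Customer_Overview"}))
EDITOR = ModuleRole("CustomerManagement", "Editor",
                    pages=frozenset({"Customer_Edit"}),
                    microflows=frozenset({"ACT_SaveCustomer", "ACT_DeleteCustomer"}))
ADMIN = ModuleRole("Administration", "Admin",
                   pages=frozenset({"Account_Overview"}),
                   microflows=frozenset({"ACT_ResetPassword"}))

USER_ROLES = (
    UserRole("User", (VIEWER,)),
    UserRole("Manager", (VIEWER, EDITOR)),
    UserRole("Administrator", (EDITOR, ADMIN)),
)

# Microflows a reviewer wants to see granted only deliberately
SENSITIVE = {"CustomerManagement.ACT_DeleteCustomer",
             "Administration.ACT_ResetPassword"}

if __name__ == "__main__":
    for role in USER_ROLES:
        print(role.name, effective_access(role))
    print(audit_sensitive(USER_ROLES, SENSITIVE))
```

The point of the audit is that a user role never grants anything directly; every grant traces back to a module role, which is where it should be reviewed and, if needed, removed. Running the sample shows that Manager reaches ACT_DeleteCustomer only because of CustomerManagement.Editor, which is exactly the question to ask when deciding whether a role has more than it needs.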