Security¶
Standard measures¶
To prevent unauthorized access to the SCWS, a number of security measures built in the operating system and the standard browsers are taken advantage of.
Network restriction¶
First, the SCWS is listening only to the 127.0.0.1 interface (localhost). This prevents any connection from the network. Only local processes can therefore contact the service.
Cross-origin restriction¶
In addition, the Cross-Origin Resource Sharing (CORS) mechanism, implemented by all browsers, prevents pages served by unauthorized servers to access the service. The value of the Access-Control-Allow-Origin HTTP header returned by the service is determined by the Web Application Certificate, and page originating from a different server will be denied access.
Proprietary authentication scheme¶
In addition to the measures described above, a proprietary scheme, using public key cryptography and challenge-response, has been defined to ensure that only authorized web applications can use the service.
When the web application initially contacts the SCWS (through a SCWS.findService() call), it must provide a static Web Application Certificate, generated by Idopte for each web application. This string certifies the server URL, and is used in combination with the CORS mechanism to ensure the web application is legitimate.
Moreover, the web application is given a challenge as a result of this method call. This challenge must be signed on the application server side, and the signature must be sent back to the client side and transmitted to the SCWS (through a SCWS.createEnvironment() call). This will then grant access to all subsequent calls to API functions.
Note that, for this scheme to make sense, the server must be able to identify that the challenge signature request comes from a genuine client. This is the responsiblity of the web application developer to guarantee this (for example using cookies, or the session mechanisms provided by the server-side framework).
See the Environment setup chapter for more information.