This chapter describes how to design security into client/server applications. The approach in this chapter is designed for an application that uses the distributed process model for client/server applications. Applications that use remote data access can apply some of the techniques with modifications.
Ensuring the security of a client/server application is an important design consideration for all projects. Transaction environments are configured to use security when they require restricted access to their set of available transactions. Each transaction request received by a secured target server must contain security data such as a user ID and password. The target server uses the security data to grant execution access to users that it deems authorized.
Client/server application security has two major components:
The identification of the user includes capturing the security data of the person using the client software and providing the security data to the server. The security data is the user ID, password, and optionally a security token.
After the user is identified at the client and server, the access rights of that user must be determined, and access must then be secured within the application itself.
Securing a transaction and its functions is the application designer's responsibility. CA Gen verifies security in the server environment only.
Copyright © 2013 CA.
All rights reserved.