https://community.esri.com/t5/arcgis-api-for-silverlight-questions/proxy-ashx-security/m-p/111801#M2791 <HTML><HEAD></HEAD><BODY><SPAN>I have a Silverlight application that makes use of the proxy.ashx &amp; proxy.config files provided by ESRI. A comment at the top of the proxy.ashx flie reads:</SPAN><BR /><BLOCKQUOTE class="jive-quote">&nbsp; This proxy page does not have any security checks. It is highly recommended<BR />&nbsp; that a user deploying this proxy page on their web server, add appropriate<BR />&nbsp; security checks, for example checking request path, username/password, target<BR />&nbsp; url, etc.</BLOCKQUOTE><BR /><BR /><SPAN>I have mustMatch set to true in proxy.config, so that should handle the target url. None of the urls have usernames and passwords. Other than that I can't think of "security checks" to add. Does anyone have any suggestions or examples of other security checks that could be implemented? For instance, how could the request path be checked?</SPAN><BR /><BR /><SPAN>Thanks....</SPAN></BODY></HTML> Mon, 12 Sep 2011 14:29:47 GMT DanielSanders 2011-09-12T14:29:47Z https://community.esri.com/t5/arcgis-api-for-silverlight-questions/proxy-ashx-security/m-p/111801#M2791 <HTML><HEAD></HEAD><BODY><SPAN>I have a Silverlight application that makes use of the proxy.ashx &amp; proxy.config files provided by ESRI. A comment at the top of the proxy.ashx flie reads:</SPAN><BR /><BLOCKQUOTE class="jive-quote">&nbsp; This proxy page does not have any security checks. It is highly recommended<BR />&nbsp; that a user deploying this proxy page on their web server, add appropriate<BR />&nbsp; security checks, for example checking request path, username/password, target<BR />&nbsp; url, etc.</BLOCKQUOTE><BR /><BR /><SPAN>I have mustMatch set to true in proxy.config, so that should handle the target url. None of the urls have usernames and passwords. Other than that I can't think of "security checks" to add. Does anyone have any suggestions or examples of other security checks that could be implemented? For instance, how could the request path be checked?</SPAN><BR /><BR /><SPAN>Thanks....</SPAN></BODY></HTML> Mon, 12 Sep 2011 14:29:47 GMT https://community.esri.com/t5/arcgis-api-for-silverlight-questions/proxy-ashx-security/m-p/111801#M2791 DanielSanders 2011-09-12T14:29:47Z https://community.esri.com/t5/arcgis-api-for-silverlight-questions/proxy-ashx-security/m-p/111802#M2792 <HTML><HEAD></HEAD><BODY><SPAN>We have a custom proxy.&nbsp; The proxy will only forward requests from authenticated users that target resources known by the proxy.&nbsp; One common trick is for someone to use a proxy to forward requests to servers having nothing to do with your application.&nbsp; If you want to do this then just check if the target URL matches the base URL of resources you expose.</SPAN></BODY></HTML> Mon, 12 Sep 2011 20:31:47 GMT https://community.esri.com/t5/arcgis-api-for-silverlight-questions/proxy-ashx-security/m-p/111802#M2792 RichardWatson 2011-09-12T20:31:47Z https://community.esri.com/t5/arcgis-api-for-silverlight-questions/proxy-ashx-security/m-p/111803#M2793 <HTML><HEAD></HEAD><BODY><SPAN>Thanks for the information.</SPAN></BODY></HTML> Tue, 13 Sep 2011 14:18:41 GMT https://community.esri.com/t5/arcgis-api-for-silverlight-questions/proxy-ashx-security/m-p/111803#M2793 DanielSanders 2011-09-13T14:18:41Z