Proxy.ashx Security

09-12-2011 07:29 AM
DanielSanders
Occasional Contributor
I have a Silverlight application that makes use of the proxy.ashx & proxy.config files provided by ESRI. A comment at the top of the proxy.ashx file reads:
  This proxy page does not have any security checks. It is highly recommended
  that a user deploying this proxy page on their web server, add appropriate
  security checks, for example checking request path, username/password, target
  url, etc.


I have mustMatch set to true in proxy.config, so that should handle the target url. None of the urls have usernames and passwords. Other than that I can't think of "security checks" to add. Does anyone have any suggestions or examples of other security checks that could be implemented? For instance, how could the request path be checked?

Thanks....
0 Kudos
2 Replies
RichardWatson
Deactivated User
We have a custom proxy.  The proxy will only forward requests from authenticated users that target resources known by the proxy.  One common trick is for someone to use a proxy to forward requests to servers having nothing to do with your application.  If you want to do this then just check if the target URL matches the base URL of resources you expose.
0 Kudos
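The two checks described in the reply above (authenticated caller, target limited to the base URLs the application exposes), as an added example that is not part of the original thread and not Esri's proxy code. The class and method names are hypothetical and the `gis.example.com` host and base path are constructed placeholders; the comparison is done on the parsed URL rather than as a raw string prefix, so look-alike hosts, embedded credentials and `../` segments do not pass.

```csharp
using System;

public static class ProxyTargetPolicy
{
    // Base URLs the application exposes (constructed placeholder values).
    // Each ends with "/" so the path match falls on a segment boundary.
    static readonly Uri[] AllowedBases =
    {
        new Uri("https://gis.example.com/arcgis/rest/services/"),
    };

    public static bool IsAllowedTarget(string rawTarget)
    {
        Uri target;
        if (!Uri.TryCreate(rawTarget, UriKind.Absolute, out target))
            return false;                       // relative or malformed
        if (target.Scheme != Uri.UriSchemeHttp && target.Scheme != Uri.UriSchemeHttps)
            return false;                       // no file:, ftp:, etc.
        if (!string.IsNullOrEmpty(target.UserInfo))
            return false;                       // no user:password@host forms

        foreach (Uri allowed in AllowedBases)
        {
            bool sameOrigin =
                target.Scheme == allowed.Scheme &&
                target.Port == allowed.Port &&
                string.Equals(target.Host, allowed.Host, StringComparison.OrdinalIgnoreCase);
            // Uri collapses literal "../" segments while parsing, so compare
            // the parsed AbsolutePath, never the raw request string.
            if (sameOrigin && target.AbsolutePath.StartsWith(
                    allowed.AbsolutePath, StringComparison.OrdinalIgnoreCase))
                return true;
        }
        return false;
    }

    // In the handler's ProcessRequest (variable name "uri" is an assumption):
    //   if (!context.User.Identity.IsAuthenticated || !ProxyTargetPolicy.IsAllowedTarget(uri))
    //   { context.Response.StatusCode = 403; return; }

    public static void Main()
    {
        string[] samples =                      // constructed inputs; only the first is allowed
        {
            "https://gis.example.com/arcgis/rest/services/Parcels/MapServer/0/query?where=1%3D1",
            "https://gis.example.com.other.test/arcgis/rest/services/",   // different host
            "https://gis.example.com@other.test/arcgis/rest/services/",   // userinfo present
            "https://gis.example.com/arcgis/rest/services/../../admin",   // path leaves the base
            "http://gis.example.com/arcgis/rest/services/",               // scheme and port differ
        };
        foreach (string s in samples)
            Console.WriteLine("{0,-5} {1}", IsAllowedTarget(s), s);
    }
}
```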
DanielSanders
Occasional Contributor
Thanks for the information.
0 Kudos