Community

REST Service security and Flex web map

319
2
12-19-2013 11:00 AM
AaronKreag
by
Occasional Contributor
‎12-19-2013 11:00 AM
I have inherited a couple "unsecured" rest services that are accessible through a public facing URL.  They are part of an unsecured, public facing Flex web map application.  It turns out that internet trolls are connecting to the rest service at night and basically pulling down the data, others are using it in the own maps without permission.

I am not a flex guy.  Can folks make some recommendations?  What is the easiest way to make the REST data available and unencumbered to the public through the Flex app, yet make it impossible or very difficult for some crafty folks to sleuth the raw data from my REST end point directly?

If possible, please point me towards some type of document or example as I am learning all of this as I go.  Thank you!
Tags (2)
0 Kudos
2 Replies
JaimePrado
by
New Contributor II
‎12-19-2013 01:01 PM
Hi,

Can you control the security for those services? If so, create a new folder in Server Manager and make it Private.

Check the box "Allow access to all users...

Create a new Role to allow access to secured services, you won't need a password to gain access.

Make sure the to make the service Public.


Hope this helps.
Noah-Sager
by Esri Regular Contributor
Esri Regular Contributor
‎12-19-2013 01:08 PM
Jaime has a good suggestion. Securing the map services will protect you at REST and in your application.

Another option is to enforce security using IIS. Here are some links to documentation and resources about securing resources. Hope this helps!

ArcGIS REST API - Working with services you've published
http://resources.arcgis.com/en/help/arcgis-rest-api/index.html#/Working_with_services_you_ve_publish...

Configuring ArcGIS Server security
http://resources.arcgis.com/en/help/main/10.2/index.html#/Configuring_ArcGIS_Server_security/0154000...

Configuring Security: Microsoft IIS
http://www.iis.net/learn/manage/configuring-security
0 Kudos