Securely Deploying Web Apps - MATLAB & Simulink (original) (raw)

Main Content

• Install the MATLAB® Web App Server on a dedicated physical or virtual machine, and do not use this machine for any other purpose.
• Run web apps behind your organization firewall. Do not allow access from the open Internet.
• Install web apps only from trusted and verified people and organizations.
• Limit the features and functionality you build into the web apps you develop.
  • Do not call the MATLAB function eval().
  • Avoid free-text input where you can, and use menus, lists, buttons, and other affordances instead.
  • Sanitize input from the app user interface and data files.
  • Limit file, network, and other resource access to the minimum required by your app.
  • Verify the trustworthiness of any third-party code included in your app.
• If your application accesses sensitive data, use in-application authentication to limit access.
• Reduce exposure level by limiting the time that the app runs to only those times when it is needed. For example, do not run it 24 hours a day, 7 days a week from your desktop.

See Also

Topics

• Authoring Secure Web Apps
• Potential Risks
• Enabling HTTPS
• MATLAB Web App Server Security