[aerogear-dev] Security advice for UnifiedPush Server

Bruno Oliveira bruno at abstractj.org
Mon Nov 24 07:57:14 EST 2014


Good morning Andreas, I think what you're looking for is something like
this[1], right?

That's an interesting scenario. I think if we extracted the registration
module to a separate WAR file, it would help to protect /ag-push
infrastructure. Not sure if the idea is interesting.

Thoughts anyone?


[1] - http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO.html#toc3.18

On 2014-11-24, Andreas Røsdal wrote:
> Hello!
>
> I would like to get security advice for running the Aerogear UnifiedPush Server
> for sending Push messages to an iPhone app. The app-server is Wildfly, and
> HTTPS is enabled. It is important to prevent unauthorized push messages
> from being sent. Do you have any documentation or general advice for
> securing Aerogear UnifiedPush Server?
>
> I would like to set up firewall rules to prevent users on the internet from
> logging in to the UnifiedPush Admin GUI /ag-push/ while still allowing
> registration of iPhone app/device tokens through the same UnifiedPush Admin
> server. What kind of URL pattern can I use to prevent admin logins
> externally?
>
>
> Regards,
> Andreas R.



--

abstractj
PGP: 0x84DC9914

