Re: [aerogear-dev] Security advice for UnifiedPush Server
Good morning Andreas, I think what you're looking for is something like
this[1], right?
That's an interesting scenario. I think if we extracted the registration
module to a separated WAR file, would help to protect /ag-push
infrastructure. Not sure if the idea is interesting.
Thoughts anyone?
[1] -
http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO.h...
On 2014-11-24, Andreas Røsdal wrote:
Hello!
I would like to security advice for running the Aerogear UnifiedPush Server
for sending Push messages to an iPhone app. The app-server is Wildfly, and
HTTPS is enabled. It is important to prevent unauthorized push messages
from being sent. Do you have any documentation or general advice for
securing Aerogear UnifiedPush Server?
I would like to setup firewall rules to prevent users on the internet to
log in to the UnifiedPush Admin gui /ag-push/ while still allowing
registration of iPhone app/device tokens though the same UnifiedPush Admin
server. What kind of URL pattern can I use to prevent admin logins
externally?
Regards,
Andreas R.
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
abstractj
PGP: 0x84DC9914