Geomajas Community Documentation

2.4.3. Server configuration

While this is not really touched on by the description above, the following system configuration issues are likely to be important when you want to secure your Geomajas application.

  • Make sure the communication between the client and server uses encryption, possibly by using HTTPS. This prevents snooping of your data and/or hijacking of the security token.

  • Even if your application is using HTTP for some reason, at the very least your authentication method should use HTTPS to prevent your passwords from being transmitted on the wire in cleartext. I would expect all authentication servers to do this.

  • Depending on your needs, it may make sense to store the data encrypted on the server. If you want that, you need a layer model which can access your secured data (possibly passing on the security token).