Internet Access Support

Security when accessing a Jade application from the Internet can be defined at the levels described in the following subsections.

Web Form applications that have a log‑in mechanism or that store any privileged information in the session object must call the WebSession class secureSession method before storing any information or setting any flags that might authenticate the currentSession object. This is necessary to prevent session fixation vulnerabilities (https://owasp.org/www-community/attacks/Session_fixation).

Applications that need secure sessions must also have a session timeout configured (in the Session Timeout text box on the Web Options sheet of the Define Application dialog) or they must implement their own handling to remove sessions.
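The ordering and timeout requirements above, shown as an added Python model that is not Jade code or part of the Jade documentation. `SessionStore`, `secure_session`, `login`, `is_authenticated` and `IDLE_TIMEOUT` are hypothetical names. The model assumes that securing a session means moving it to a fresh identifier and invalidating the old one, which is the usual defence against fixation and not a description of how `secureSession` is implemented.

```python
import secrets
import time

IDLE_TIMEOUT = 900  # seconds; constructed value standing in for the Session Timeout setting


class SessionStore:
    """Hypothetical server-side session table keyed by session identifier."""

    def __init__(self, now=time.monotonic):
        self._now = now
        self._sessions = {}  # sid -> {"data": dict, "last_seen": float}

    def create(self):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"data": {}, "last_seen": self._now()}
        return sid

    def get(self, sid):
        """Return session data, or None if the id is unknown or idle too long."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if self._now() - entry["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]  # expired sessions are removed, not revived
            return None
        entry["last_seen"] = self._now()
        return entry["data"]

    def secure_session(self, old_sid):
        """Move the session to a fresh id and invalidate the old one (assumed model)."""
        entry = self._sessions.pop(old_sid)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = entry
        return new_sid


def login(store, sid, user, rotate=True):
    """Authenticate a session; rotate=False reproduces the fixation-prone ordering."""
    if store.get(sid) is None:
        sid = store.create()
    if rotate:
        sid = store.secure_session(sid)  # must happen before any auth flag is stored
    store.get(sid)["user"] = user
    return sid


def is_authenticated(store, sid):
    data = store.get(sid)
    return data is not None and "user" in data
```

With `rotate=False`, an identifier that existed before log-in becomes an authenticated one, which is the condition the `secureSession` call is there to prevent.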

Because unknown XML web service consumers can access an XML web service provider, the web server must provide basic security services at the protocol level. The Web Services sheet of the Define Application dialog enables you to specify that the application is secure. In addition, the Web Services sheet of the Define Class dialog enables you to specify whether a web services class uses the default security of the application, or to override this value and select whether the class is secure (that is, it uses the HTTPS protocol) or not secure (that is, it uses the HTTP protocol).

In addition, you can use the TCP communication protocol for direct web services messages between Jade systems. For more details, see "Building Web Service Applications", in Chapter 10 of the Developer's Reference.