Hi
I am wondering if anyone has any advice on authentication between server applications.
Particularly for Platform SDK/Web API server. It logs onto the config layer with no username/password - just host/port and app name. So what's to stop another <rogue> application doing the same? Obviously they'd have to use Genesys proprietary SDK, and everything should be configured/secured behind firewalls/DMZ etc. But this still seems a massive gap.
The same is true of an SDK app connecting to t-server - there's no authentication in that scenario. Another is the command line app that came with later versions of SCS. It does not auth against config layer.
Anyway, just wondered if anyone had come up against this before? Enterprises are far more security/risk aware than they used to be, especially with externally facing components like WebAPI Server...
We have thought about:
- TLS - only secures legitimate connections, so not much good
- Client side port restriction - again, only good for legitimate connections
- Changing username apps run under - has no bearing anyway, as it's stored in config layer. It's as if there should be a secure key/token of some sort that is passed to apps upon login - and ONLY those connections will be authenticated
Hoping someone has some advice!
Thanks
DJM