Announcement

Collapse
No announcement yet.
X
Collapse
  • Page of 1
  • Filter
  • Time
Clear All
new posts
Previous template Next
    #1

    SmartClient Developer Console/production environment

    SmartClient Version: v9.1p_2014-08-31/Pro Deployment (built 2014-08-31)

    As far as the SmartClient Developer Console is concerned, are there any configuration changes that should be made before deploying into a production environment?

    Can we and should we be preventing access to the SmartClient Developer Console by users of the application when deploying into a production environment?

    Thanks
    Tags: None
    #2
    You can either omit the tools directory from your deployment, or you could us standard web server mechanisms to password protect access to the tools/ subdirectory. This allows admins to access the developer console but blocks out any unauthorized access.
    (This is covered here)

    You should also ensure you have your RPCManager.enabledBuiltInMethods configured correctly to limit access to server functionality, only enabling what you actually want. See the com.isomorphic.rpc.BuiltInRPC and com.isomorphic.tools.BuiltInRPC javadoc for more on these methods.

    Regards
    Isomorphic Software

    Comment

      #3
      Thanks for the information.

      "Additionally, you must set RPCManager.enableBuiltinRPCs: true in server.properties to enable bulitin RPCs."

      My findings indicate that when omitted in server.properties, RPCManager.enableBuiltinRPCs defaults to true, which isn't how I interpreted the above documentation. It seems to default to true unless explicitly set to false.

      Regards

      Comment

        #4
        You're right - the enableBuiltinRPCs flag is enabled by default since there is fine grained control over which specific built-in-rpcs are actually enabled. We'll improve the docs on this one.

        Regards
        Isomorphic Software

        Comment

          #5
          Thanks,

          We've removed the tools directory from the deployment and locked down the built-in-rpcs.

          Now, the only thing left we wonder about is the Developer Console (i.e. javascript:isc.showConsole()). Is there anything we should be doing to prevent access to this? It appears to be separate from the tools.

          Looks like it loads URL (../sc/system/helpers/Log.html).

          Regards

          Comment

            #6
            Without the Built-in RPCs enabled, the Developer Console has functionality similar to what the browser's built-in developer tools allow you to do - equally safe.

            Comment

              #7
              Thank you very much.

              Comment

              Previous template Next
              Working...
              X