The platform administrator is responsible for most aspects of security; however, application security can be managed by the domain administrator.
Security in Unwired Platform can be separated into distinct areas:
- Transport security – secures client/server communications by using digital certificates and public-key cryptography. Public-key cryptography is a widely used approach that secures communication between source and destination components as data is transferred across public or private networks.
- User security – authenticates and authorizes user or administrator access by using the services of a configured provider listed in a security configuration. Once the user is authenticated, access is given to perform operations with a package. However, application data access then further depends on the logical role assigned to the MBO and operations, and its mapping to a role/group in the provider.
Unwired Server relies on user entries that are stored in an existing directory like LDAP. When a user requests data in the device application, the application uses Unwired Server to authenticate the user and authorize access to specific resources with configured providers.
- Network security – secures components behind a firewall using a proxy. Unwired Platform components are usually installed in a private network, thereby isolating them from external networks by one or more intermediary networks. Typically, this involves separating Unwired Servers from clients, either because of firewall policies or address space concerns. You then use a proxy server outside of the firewall (for example, the relay server) to open ports that allow secure data passage through the firewalls to Unwired Platform components.
Most Unwired Platform installations will use the Relay Server as the network proxy in production scenarios. The Relay Server proxy tunnels between network zones; you can chain multiple servers together to allow for multiple hops.
This network architecture allows the Unwired Server to connect and communicate with remote client devices across multiple network boundaries (for example, the Internet, wireless network, or even other private networks).
- Data security – ensures that data is kept safe, and that access to it is controlled to protect data and keep it private. Data security has two sides:
  - Data security – data in platform databases can be secured by changing the DBA password and enabling encryption. Client-side databases can be encrypted using the Unwired Platform API.
  - Device security – the ability to lock or wipe the device of enterprise data if the device is lost or stolen. You can use Afaria for this purpose. See System Administration > Environment Setup > Afaria Setup.
Together, these levels provide multitiered and complete protection in an Unwired Platform environment, especially when used with a relay server. A relay server (as opposed to a typical proxy server) allows secure data communication across network zones without opening holes in firewalls. This makes a relay server more secure than the average proxy server. See System Administration > Environment Setup > Relay Server Setup.