Anyone here with RAD Server setup experience?
I'd like to find some advice or resources on how to secure the server besides the SSL certificates and usual Apache/Nginx stuff.
It would be more on how to avoid anyone being able to hack into the server and change/get data just by using the URL.
Using DataSource parameters is a good way to avoid escaping all URL characters and to avoid SQL injection.
Found that: https://blogs.embarcadero.com/tech-tip-how-do-i-secure-rad-server-for-production-deployment/
But besides that? It seems to me, without having practiced, that passing everything via the URL is a wide-open door to guessing what other URL keywords, variables, etc. could be.
I want to make sure that calls are, in a way, logged in with credentials before accessing anything and getting answers from the server.
That kind of thing. I read David I's hands-on RAD Server document, but it's more focused on how to use it for REST than on actually securing it.
Thanks for any help and insight on RAD Server deployment.