Securely Deploying Web Apps

  • Install the MATLAB® Web App Server on a dedicated physical or virtual machine, and do not use this machine for any other purpose.

  • Run web apps behind your organization's firewall. Do not allow access from the open Internet.

  • Install web apps only from trusted and verified people and organizations.

  • Limit the features and functionality you build into the web apps you develop.

    • Do not call the MATLAB function eval().

    • Avoid free-text input where you can, and use menus, lists, buttons, and other affordances instead.

    • Sanitize input from the app user interface and data files.

    • Limit file, network, and other resource access to the minimum required by your app.

    • Verify the trustworthiness of any third-party code included in your app.

  • If your application accesses sensitive data, use in-application authentication to limit access.

  • Reduce exposure level by limiting the time that the app runs to only those times when it is needed. For example, do not run it 24x7 from your desktop.
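
The following is an added example, not MathWorks code: one way a web app callback could follow the guidance on eval(), free-text input, sanitizing, and file access. The function name summarizeColumn, its parameters, and the error identifiers are hypothetical, and it assumes the app reads numeric CSV files from a single data folder.

```matlab
function result = summarizeColumn(opName, columnText, fileName, dataDir)
% summarizeColumn  Hypothetical web app callback helper (added example).
% opName comes from a drop-down, columnText from an edit field, and
% fileName from a list of data files. Unsafe pattern it replaces:
%   result = eval([opName '(data(:,' columnText '))']);

    % Allow-list: operation names map to fixed function handles, so the
    % user can select behavior but never supply code.
    ops = containers.Map({'mean', 'median', 'max'}, {@mean, @median, @max});
    opName = char(opName);
    if ~isKey(ops, opName)
        error('app:badOperation', 'Operation is not permitted.');
    end

    % str2double parses text without evaluating it (str2num calls eval).
    % Reject arrays, complex values, NaN/Inf, and non-integers.
    col = str2double(columnText);
    if ~isscalar(col) || ~isreal(col) || ~isfinite(col) ...
            || col < 1 || col ~= fix(col)
        error('app:badColumn', 'Column must be a positive integer.');
    end

    % Accept a bare CSV file name only: no path separators, no "..",
    % no drive letters, so access stays inside dataDir.
    fileName = char(fileName);
    if isempty(regexp(fileName, '^[A-Za-z0-9_-]{1,64}\.csv$', 'once'))
        error('app:badFile', 'File name is not permitted.');
    end
    target = fullfile(dataDir, fileName);
    if ~isfile(target)
        error('app:badFile', 'File not found.');
    end

    % Data files are input too: check the column exists before indexing.
    data = readmatrix(target);
    if col > size(data, 2)
        error('app:badColumn', 'Column is out of range.');
    end

    fn = ops(opName);
    result = fn(data(:, col));
end
```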
