Securely Deploying Web Apps

  • Install the MATLAB® Web App Server on a dedicated physical or virtual machine, and do not use this machine for any other purpose.

  • Run web apps behind your organization firewall. Do not allow access from the open Internet.

  • Install web apps only from trusted and verified people and organizations.

  • Limit the features and functionality you build into the web apps you develop.

    • Do not call the MATLAB function eval().

    • Avoid free-text input where you can, and use menus, lists, buttons, and other affordances instead.

    • Sanitize input from the app user interface and data files.

    • Limit file, network, and other resource access to the minimum required by your app.

    • Verify the trustworthiness of any third-party code included in your app.

  • If your application accesses sensitive data, use in-application authentication to limit access.

  • Reduce exposure level by limiting the time that the app runs to only those times when it is needed. For example, do not run it 24 hours a day, 7 days a week from your desktop.

See Also

Topics