Security configuration for IBM MobileFirst Platform Foundation on IBM Containers

Your IBM MobileFirst™ Platform Foundation on IBM® Containers security configuration should include encrypting passwords, enabling application authenticity checking, and securing access to the consoles.

Encrypting passwords

Store the passwords for MobileFirst Server users in an encrypted format. You can use the securityUtility command available in the Liberty profile to encode passwords with either XOR encoding or AES encryption. The encoded passwords can then be copied into the /usr/env/server.env file. See "Encrypting passwords for user roles configured in MobileFirst Server" for instructions.

Application authenticity checking

To keep unauthorized mobile applications from accessing the MobileFirst Server, enable application authenticity.

Configure SSL for Operations Console and Analytics Console

You can secure access to the MobileFirst Operations Console and the MobileFirst Analytics Console by enabling HTTP over SSL (HTTPS) on the MobileFirst Server.

To enable HTTPS on the MobileFirst Server, create a keystore that contains the certificate and place it in the usr/security folder. Then update the usr/config/keystore.xml file to use that keystore.
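
The following shell script is an added example, not IBM's or the product's own tooling. It audits a server.env file and a keystore.xml file for password values that lack the {aes} or {xor} prefix that securityUtility writes, which covers both the password-encoding step and the keystore configuration described above. The file contents, key names and the keystore file name are constructed placeholders.

```shell
# Added example: flag password values that securityUtility did not encode.

# Print "NAME VALUE" for each password entry in file $1: KEY=VALUE lines whose
# key contains PASSWORD (server.env style) and password="..." XML attributes.
extract_passwords() {
  sed -n 's/^[[:space:]]*\([A-Za-z0-9_]*PASSWORD[A-Za-z0-9_]*\)=\(.*\)$/\1 \2/p' "$1"
  grep -o '[A-Za-z]*[Pp]assword="[^"]*"' "$1" | sed 's/="\(.*\)"$/ \1/'
}

# Classify a value by the prefix that securityUtility puts on its output.
classify_value() {
  case "$1" in
    '{aes}'*)  echo aes ;;
    '{hash}'*) echo hash ;;
    '{xor}'*)  echo xor ;;
    '${'*'}')  echo variable ;;  # Liberty variable reference, defined elsewhere
    *)         echo plaintext ;;
  esac
}

# Print one finding per weak entry in file $1; return 1 if any were found.
audit_file() {
  findings=$(extract_passwords "$1" | while read -r name value; do
    case "$(classify_value "$value")" in
      (plaintext) echo "$1: $name: stored in plaintext" ;;
      (xor)       echo "$1: $name: {xor} is reversible encoding, prefer {aes}" ;;
    esac
  done)
  if [ -n "$findings" ]; then printf '%s\n' "$findings"; return 1; fi
}

# Constructed samples; key names and values are hypothetical placeholders.
write_samples() {
  cat > "$1/server.env" <<'EOF'
EXAMPLE_ADMIN_USER=admin
EXAMPLE_ADMIN_PASSWORD=changeit
EXAMPLE_DEMO_PASSWORD={xor}CONSTRUCTED==
EXAMPLE_OPS_PASSWORD={aes}CONSTRUCTED==
EOF
  cat > "$1/keystore.xml" <<'EOF'
<server>
  <keyStore id="defaultKeyStore" location="example.jks" password="changeit" />
</server>
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in server.env keystore.xml; do audit_file "$demo_dir/$f" || true; done
rm -rf "$demo_dir"
```

Run against the constructed samples, the script reports the plaintext and {xor} entries in server.env and the plaintext keystore password in keystore.xml, and returns a non-zero status for each file so it can gate an image build.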

Securing a connection to the back end

If you need a secure connection between your container and an on-premise back-end system, you can use the Bluemix® Secure Gateway service. Configuration details are provided in this article: Connecting Securely to On-Premise Backends from MobileFirst on IBM Bluemix containers.