Security Vulnerabilities

This topic describes the key security technologies for Flogo Enterprise software. In addition to these key technologies, security also depends in part on using the software's capabilities correctly.

  • Unauthorized access to the UI or your development environment

    Do not share your Flogo Enterprise installation with other users. Do not allow other users to log in remotely to your machine and use your Flogo Enterprise installation. Do not give another user the IP address or host name of the machine on which Flogo Enterprise is running. Doing so allows that user to access your Flogo Enterprise installation from a remote browser by constructing the URL (http://<your_machine_IP>:8090) with your IP address. If your IP address is publicly accessible, your apps can be compromised.

  • Flogo Enterprise uses some third-party software, for example, Docker and OpenSSL. If the third-party software is compromised, the security of the UI can be compromised too.
  • Currently, Flogo Enterprise does not support HTTPS to secure communication from the browser to the server. Hence, we recommend that the browser used to access Flogo Enterprise reside on the same machine as your Flogo Enterprise installation.
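
One way to check the exposure described above for port 8090: this shell script is an added example, not part of the Flogo Enterprise product or its documentation. It reads `ss -ltn` output and reports whether the UI port is listening on anything other than loopback. The function names and the sample socket listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag non-loopback listeners on the Flogo Enterprise UI port.
# Input is `ss -ltn` output on stdin, so the check can be exercised offline.

# Constructed sample: UI port bound to every interface (reachable remotely).
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096         0.0.0.0:8090      0.0.0.0:*
LISTEN 0      4096            [::]:8090         [::]:*
LISTEN 0      128        127.0.0.1:5432      0.0.0.0:*'

# Constructed sample: UI port bound to loopback only.
SAMPLE_LOCAL='LISTEN 0      4096       127.0.0.1:8090      0.0.0.0:*
LISTEN 0      4096           [::1]:8090         [::]:*'

# Print every non-loopback local address listening on port $1.
exposed_binds() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }              # skip header and other states
        {
            pos = match($4, /:[0-9]+$/)      # the trailing ":port"
            if (!pos || substr($4, pos + 1) != port) next
            addr = substr($4, 1, pos - 1)
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # [::1] -> ::1
            sub(/%.*$/, "", addr)                        # drop %iface suffix
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print addr                       # 0.0.0.0, ::, * or a routable IP
        }'
}

# Exit 0 if port $1 is loopback-only or not listening, 1 if reachable remotely.
ui_port_is_local_only() {
    found=$(exposed_binds "$1")
    if [ -n "$found" ]; then
        echo "port $1 listens on non-loopback address(es):" $found >&2
        return 1
    fi
    return 0
}

# Live use on the host running Flogo Enterprise:
#   ss -ltn | ui_port_is_local_only 8090
```

`ss` only reports sockets in the host's network namespace. If the port is published by Docker with the userland proxy disabled, the forwarding is done by packet-filter rules and will not appear in this listing, so check the container's published-port mapping as well.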