Developing Secure Applications

To secure an application, developers focus on the realm connect call and its arguments. Complete this task, or use its steps as a checklist.

Prerequisites

The application developer and administrators have already coordinated to exchange security-related information and artifacts. See Coordination.

Procedure

  1. Coordinate for secure transports.
    Coordinate with administrators to specify secure transports. Record this administrative requirement on the Endpoint Coordination Form.
  2. Secure connections to FTL servers using HTTPS.
    In the realm connect call, specify HTTPS as the protocol in the serverURL argument.
    For example:
      https://FTLsvr1:8585|https://FTLsvr2:8585|https://FTLsvr3:8585
  3. Authenticate clients to the FTL server.
    In the realm connect call, supply client credentials using the USERNAME and USERPASSWORD properties.

    The administrator must ensure that the user is in the authorization group ftl.

  4. Arrange trust in the FTL servers.
    The application must trust the FTL servers.

    Request the FTL server trust file from the administrator.

    In the realm connect call, supply either the location of the trust file, or its contents as a string in PEM encoding. The following properties organize that information in the connect call:
    • TRUST_TYPE
    • TRUST_FILE
    • TRUST_PEM_STRING
    For details, see the API documentation.
  5. Verify authorization for requests.
    If the application responds to requests, verify that the requestor has authorization for the request.
    If a request is forwarded from an eFTL client, the _user field of each request message contains the requestor's user name. For details, see "User Field" in TIBCO eFTL Concepts.
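A pre-connect check for steps 2 through 4, as an added example that is not part of the TIBCO documentation or the FTL API: it validates the serverURL list and the property set before they reach the realm connect call. The function name, the plain dict standing in for the connect properties, and the sample values are assumptions; the property names are the ones listed above.

```python
from urllib.parse import urlsplit

def check_connect_args(server_url, props):
    """Return a list of findings; an empty list means the arguments pass.

    `props` is a plain dict standing in for the properties passed to the
    realm connect call (assumption); its keys are the names used above.
    """
    findings = []
    # serverURL is a pipe-separated list; every member must be HTTPS. A
    # plaintext entry would carry the credentials unencrypted if it is used.
    for entry in server_url.split("|"):
        entry = entry.strip()
        try:
            parts = urlsplit(entry)
            host, _port = parts.hostname, parts.port  # .port validates the number
        except ValueError:
            findings.append(f"unparseable URL: {entry!r}")
            continue
        if parts.scheme.lower() != "https":
            findings.append(f"not HTTPS: {entry!r}")
        elif not host:
            findings.append(f"missing host: {entry!r}")

    # Trust: the page allows a file location or a PEM string; this check
    # insists on exactly one so the trust source is unambiguous.
    has_file = bool(props.get("TRUST_FILE"))
    has_pem = bool(props.get("TRUST_PEM_STRING"))
    if has_file == has_pem:
        findings.append("supply exactly one of TRUST_FILE or TRUST_PEM_STRING")
    if has_pem and "-----BEGIN CERTIFICATE-----" not in props["TRUST_PEM_STRING"]:
        findings.append("TRUST_PEM_STRING does not contain a PEM certificate")
    # Assumption: TRUST_TYPE must be set explicitly; valid values are in the API docs.
    if not props.get("TRUST_TYPE"):
        findings.append("TRUST_TYPE not set")
    for key in ("USERNAME", "USERPASSWORD"):
        if not props.get(key):
            findings.append(f"{key} not set")
    return findings

# Constructed sample input (host names follow the example URL in step 2).
GOOD_URL = "https://FTLsvr1:8585|https://FTLsvr2:8585|https://FTLsvr3:8585"
MIXED_URL = "https://FTLsvr1:8585|http://FTLsvr2:8585|https://FTLsvr3:8585"
GOOD_PROPS = {"USERNAME": "app_user", "USERPASSWORD": "example-only",
              "TRUST_TYPE": "<value from the API documentation>",
              "TRUST_FILE": "/path/to/ftl-trust.pem"}

if __name__ == "__main__":
    for url in (GOOD_URL, MIXED_URL):
        print(url, "->", check_connect_args(url, GOOD_PROPS) or "ok")
```

Run it in the build or at application start-up so that a single `http://` member in a failover list is caught before any credentials are sent.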