5 Replies Latest reply on Feb 9, 2017 11:10 PM by keriw RSS
    qn Communicator

    How to safely give access to ThingWorx platform to final client ?



    This is a part of several methods I must use to secure the ThingWorx deployment and production. The ThingWorx platform is based on our server. My final clients will have access and use the mashup created from ThingWorx. Do you have an idea how to do it safely ? Of course there are some users created for different clients.


    Here are some problems:

    - Giving the direct link of FormLogin / Mashup to client: they can simply modifiy the link to have access of Composer for example. Even if they can't modify my Things, my DataShapes ..., it's better to not giving access to Composer. Is there something to do with the group Users in the organization Everyone ?

    - Trying to place the Mashup in an iframe: web page source code shows the link "src" of iframe. It is possible to hide it ?

    - Only allow access to Composer with the Tomcat filter "Remote Address Filter" (https://tomcat.apache.org/tomcat-8.0-doc/config/filter.html#Remote_Address_Filter): when giving my IP address (10.19....., not localhost), I can't open any page of ThingWorx.


    Thank you in advance for your answers. Maybe finding a solution for this problem could help others too.