Mobile & Event App security
I think the System Key on the mobile and events apps should be hidden. It is one of the three items a hacker would need to access the system. Another is the user name which is also helpfully given!
Having a description field on the server/workstation which hosts the service for the app which is then displayed on the device instead of the system key would be better.
-
Martin Porcas
- Sep 30 2013
Related ideas
"Being able to hide the system key would be a good feature. It would *help* with this problem of unauthorized devices, but I have a question: from the examples I saw, it looked like if you had to Deactivate then Activate a database again, a new system key would be generated. So wouldn't that mean that if you had to reboot the server for any reason, you'd have to go give all uses the key all over again? C'mon, Blackbaud--you've *got* to provide better means of regulating which devices can connect to the database. Our users want mobile access, but our network security won't sign off if we're essentially enabling user's to store just any old data from the database onto their very-easy-to-lose mobile phone."