MID Server security considerations

Several options are available for you to enhance security on MID Servers, including credential and encryption security, the authorization of SOAP requests, and the establishment of secure socket layer (SSL) connections.

Encrypt MID Server login credentials

The MID Server login credentials appear in the config.xml file in clear text by default, but you can encrypt them. See Encrypt MID Server login credentials for instructions.

MID Server encryption keypairs

Automation credentials are secured by encrypting them in the instance with the MID Server’s trusted public key prior to transmission. When the MID Server is created, it generates a keypair, consisting of a public and private key. After the MID Server is validated, it can use the private key to decrypt automation credentials. You should occasionally rekey the MID Server to meet your organization's security requirements. See Rekey a MID Server for instructions.

SSL certificates

You can add certificates to the MID Server if you want communication to occur over SSL. You can add these certificates to the cacerts keystore file:
  • Signing Certificate Authority (CA) certificate
  • MID Server certificate

See Add SSL certificates for the MID Server for instructions.

Basic authentication credentials and SOAP requests

You can enforce basic authentication on each request. The MID Server is not able to communicate through a proxy server if the proxy server supports only NTLM authentication. You can use basic authentication with a proxy server or create an exception for the MID Server host.

Supplying basic authentication information, regardless of whether it is required, has an added advantage. The web service invocation creates or updates data using the supplied credentials. For example, when you create an incident record, the journal fields have the user id of the basic authenticated user instead of the default Guest user. This behavior allows you to identify data added by a specific MID Server.

You can set basic authentication credentials for SOAP requests. See Use basic authentication credentials for a MID Server for instructions. Each SOAP request contains an Authorization header as specified in the Basic Authentication protocol.
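The Authorization header described above is only Base64-encoded, so its confidentiality depends entirely on the SSL connection. The following Python code is an added example, not ServiceNow code: it builds the header as RFC 7617 specifies, shows that it decodes without any key, and refuses to attach it to a non-HTTPS request. The URL, user ID, password and envelope are constructed placeholders.

```python
import base64
from urllib.parse import urlsplit
from urllib.request import Request


def basic_auth_header(user_id: str, password: str) -> str:
    """Build the Authorization header value as defined by RFC 7617."""
    if ":" in user_id:
        raise ValueError("user ID must not contain ':'")
    token = base64.b64encode(f"{user_id}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic_auth(header_value: str) -> tuple:
    """Recover (user_id, password) from a header value; no key is needed."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    user_id, sep, password = raw.partition(":")  # the password may contain ':'
    if not sep:
        raise ValueError("missing ':' separator")
    return user_id, password


def build_soap_request(url: str, envelope: bytes, user_id: str, password: str) -> Request:
    """Prepare a SOAP POST, refusing to send credentials over a non-TLS URL."""
    if urlsplit(url).scheme.lower() != "https":
        raise ValueError("Basic credentials must only be sent over https")
    return Request(url, data=envelope, method="POST", headers={
        "Content-Type": "text/xml; charset=utf-8",
        "Authorization": basic_auth_header(user_id, password),
    })


# Constructed sample values: hypothetical endpoint, account and empty envelope.
SAMPLE_URL = "https://instance.example.com/soap-endpoint"
SAMPLE_ENVELOPE = b'<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"/>'

if __name__ == "__main__":
    req = build_soap_request(SAMPLE_URL, SAMPLE_ENVELOPE, "mid.user", "s3cr:et")
    header = req.get_header("Authorization")
    print(header)
    print(decode_basic_auth(header))  # the same pair comes straight back
```

Because the pair is recoverable from the header alone, treat any log, proxy or packet capture that records the header as holding the MID Server account's password.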

Note: The setting for enforcing strict security controls how the instance uses the credentials you provide for the MID Server. When the setting is enabled, you must provide a user ID with access to the tables the MID Server is trying to access. When the setting is disabled, any valid user ID allows the MID Server to access all tables.