The following tables provide a quick reference to the key security-related settings in PowerServer and include links to the corresponding configuration topics.

| Security Feature | Location / Configuration | Description |
|---|---|---|
| PBD encryption (Encrypt p-code files) | Project Painter > Security page | Encrypts compiled p-code files to prevent reverse engineering of application logic. |
| Application integrity validation (Validate integrity) | Project Painter > Security page | Verifies the hash value of each object file at runtime to detect unauthorized modification. |
| Third-party DLL loading restriction (Strict mode) | Project Painter > Security page | Restricts DLL search paths to prevent DLL hijacking attacks. |
| Advanced execution security flags (DEP/ASLR/CFG/SaveSEH) | Project Painter > Security page | Enables modern Windows security protections such as Data Execution Prevention, Address Space Layout Randomization, Control Flow Guard, and Safe Structured Exception Handling. |
| Cookie validation | index.html/cloudapplauncher-2.1.0.js | Allows the launcher and application to automatically carry specific cookies in every HTTP request. For more information, refer to Support cookie validation. |

| Security Feature | Location / Configuration | Description |
|---|---|---|
| HTTPS/TLS encryption | IIS or Kestrel server configuration | Ensures encrypted communication between the client and the file server, and also between the client and PowerServer Web APIs. For detailed instructions, refer to Support HTTPS and Support TLS 1.3. |
| Ignore certificate errors | Project Painter > Security page | Controls whether specific SSL certificate validation errors are ignored. In production environments this option should normally be disabled. |
| HMAC message authentication | Project Painter > Security page | Uses HMAC algorithms to verify request integrity and prevent data tampering during transmission. |
| URL whitelist enforcement | apprun.json | Restricts the Cloud App Launcher to accessing and downloading files only from permitted URLs (including Web API URL, launcher URL, and runtime URL). |

| Security Feature | Location / Configuration | Description |
|---|---|---|
| Management API access control | UserStartup.cs or API authentication configuration | Access to sensitive operations (license, DB connection, session management) via PowerServer Management APIs is disabled by default and must be explicitly enabled and protected with proper authorization policies. For detailed instructions, refer to Enable access to APIs. |
| Windows authentication mode | Project Painter > Security page | Configures authentication modes such as Anonymous, Integrated, or UserPassword for integration with enterprise Windows domain environments. |

| Security Feature | Location / Configuration | Description |
|---|---|---|
| Secure connection string | PowerScript database connection scripts | Uses encrypted connection strings to prevent plain-text passwords from being exposed in memory. For more information, refer to Supports secure connection strings. |
| Configuration password encryption | CustomizeDeploy.dll tool | Encrypts database or proxy passwords stored in deployment configuration files such as Applications.json or UserConfig.json. For more information, refer to Encrypt the password. |


