|
Security Feature |
Location / Configuration |
Description |
|---|---|---|
|
HTTPS/TLS encryption |
IIS or Kestrel server configuration |
Ensures encrypted communication between the client and the file server, and also between the client and PowerServer Web APIs. For detailed instructions, refer to Support HTTPS and Support TLS 1.3. |
|
Ignore certificate errors |
Project Painter > Security page |
Controls whether specific SSL certificate validation errors are ignored. In production environments this option should normally be disabled. |
|
HMAC message authentication |
Project Painter > Security page |
Uses HMAC algorithms to verify request integrity and prevent data tampering during transmission. |
|
URL whitelist enforcement |
apprun.json |
Restricts the Cloud App Launcher to accessing and downloading files only from a pre-defined list of permitted URLs. |
