The ArcGIS Rich Client application architecture traditionally involves interaction between a user interface running on the client desktop (ArcInfo, ArcEditor, ArcView, ArcEngine, and ArcGIS Explorer) and a centralized data source (RDBMS) managed by ArcGIS Server utilizing ArcSDE technology located on one or many servers. The application logic can run on either the ArcSDE/database server or the ArcGIS client.
Security issues involve a range of concerns, including protecting sensitive data, user authentication and authorization, guarding against attack from malicious code and users, and auditing and logging events and user activity. To address these issues, ArcGIS integrates with industry standards and technologies that provide infrastructure services. Industry best practices can be used to secure those services without impacting ArcGIS.
General Rich Client Security Guidelines:
- Determine the appropriate technology and approach for authenticating users, including support for multiple users of the same rich client application instance. You should consider how and when to log on users, whether you need to support different types of users (different roles) with differing permissions (such as administrators and standard users), and how you will record successful and failed logons. Take into account the requirements for disconnected or offline authentication where this is relevant.
- Consider a single sign-on (SSO) or federated authentication solution if users must be able to access multiple applications with the same credentials or identity. You can implement a suitable solution by registering with an external agency that offers federated authentication, using certificate systems, or creating a custom solution for your organization.
- Out of the box, Windows Integrated Authentication can be utilized with ArcGIS Rich Clients for an SSO user experience.
- Consider how you will protect data stored in the application and in resources such as files, caches, and documents used by the application. Encrypt sensitive data where it might be exposed, and consider using a digital signature to prevent tampering. In high-security applications, consider encrypting volatile information stored in memory. Also, remember to protect sensitive information that is sent from the application over a network or communication channel.
- Consider how you will implement auditing and logging for the application, and what information to include in these logs. Remember to protect sensitive information in the logs using encryption, and optionally use digital signatures for the most sensitive types of information that are vulnerable to tampering.
- Consider choosing an appropriate client/server ArcGIS communication protocol:
  - Direct Connect
    - Currently the most common mechanism of communication between Rich Clients and database servers
    - Utilizes standard SQL protocol communication with database servers
    - Allows securing communication between clients and database systems by utilizing standard database vendor solutions with SSL or IPSec
  - Application Connect
    - Proprietary communication protocol between client and server
    - Some customers prefer this solution to avoid deployment of database client software to rich client machines
  - Web Services interface to ArcGIS Server
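The guidelines above ask for a record of successful and failed logons and for logs that resist tampering. The following sketch is an added example, not ESRI or ArcGIS code: it chains each logon record to the previous one with HMAC-SHA256 from the Python standard library, used here in place of a public-key digital signature. The field names, the key, and the sample events are constructed assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64                # chain anchor for the first record
KEY = b"constructed-demo-key"     # constructed; in practice load from a protected key store


def _mac(key, prev_mac, body):
    # The MAC covers the previous record's MAC, so records cannot be
    # edited, reordered, or dropped from the middle without detection.
    msg = prev_mac.encode() + json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def append_event(log, key, ts, user, role, outcome):
    """Append one logon record. The password is never written to the log."""
    body = {"ts": ts, "user": user, "role": role, "outcome": outcome}
    prev_mac = log[-1]["mac"] if log else GENESIS
    record = dict(body, mac=_mac(key, prev_mac, body))
    log.append(record)
    return record


def verify_log(log, key, expected_tail=None):
    """Return the index of the first bad record, or -1 if the log is intact.

    expected_tail is the MAC of the newest record as stored somewhere the
    client cannot rewrite (an assumption); without it, records removed
    from the end of the log go unnoticed.
    """
    prev_mac = GENESIS
    for i, record in enumerate(log):
        body = {k: v for k, v in record.items() if k != "mac"}
        if not hmac.compare_digest(record.get("mac", ""), _mac(key, prev_mac, body)):
            return i
        prev_mac = record["mac"]
    if expected_tail is not None and not hmac.compare_digest(prev_mac, expected_tail):
        return len(log)           # chain is valid but ends too early
    return -1


def build_sample_log(key=KEY):
    # Constructed sample events: one failed logon, then two successful ones.
    log = []
    append_event(log, key, "2024-01-01T09:00:00Z", "editor1", "standard", "logon_failed")
    append_event(log, key, "2024-01-01T09:00:20Z", "editor1", "standard", "logon_ok")
    append_event(log, key, "2024-01-01T09:05:00Z", "gisadmin", "administrator", "logon_ok")
    return log
```

Because the key is symmetric, anyone holding it can forge records; keep it off the client desktop where possible, or use an asymmetric signature if verifiers should not be able to write.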
Consuming ArcGIS Server Tokens for Rich Client Security
- The user enters a valid username and password into the connection dialog.
- If no username or password is entered, or the login is incorrect, the software will prompt the user to enter correct credentials.
- Once the correct username and password are entered, the user can use the service normally.
Custom Development for Rich Client Security
The security of the desktop application can be improved through the use of custom control extensions.
- Implement technologies such as Identity Management (IM) and access control, and provide the ability to restrict the ArcGIS client operations (edit, copy, save, print) that an authorized user can perform
- Developed using the ArcObjects development interface