Security

Tropofy has been used to develop web apps with enterprise security requirements. The article below describes some utilities and best practices that can be followed to aid you in development.

Warning

Web application security has many different factors. The Tropofy framework is one part of many that are required to deploy a secure web application.

Change Authentication Keys from Defaults

For user access management of a Tropofy app, authentication keys are used on your compute node to encrypt browser cookies. Before deploying you app, you should change these keys from the defaults. Find them in your apps .ini file under auth.policy_secret and auth.session_factory_secret.