Security Archives - { DreamFactory: 'Blog' }

December 3, 2018December 10, 2018

How I was port-out scammed in 3 hours

Tokyo, midday on a Friday. My phone kept buzzing during my customer meeting. The day was a workday, a day of travel and the day a personal property purchase was due to settle. Little did I know it was also the day I was the target of a “port-out” scam.

In the DreamFactory Tokyo office in Azabu Juban, Minato, in the few minutes I had between one meeting and the next, I glanced at my phone trying to keep pace with solicitor updates regarding my property transaction finalizing. Amidst the deluge of notifications my phone was providing, one thing I quickly dismissed were two verification SMS codes sent by my telco provider that I hadn’t asked for and didn’t give a second thought to:

Continue reading “How I was port-out scammed in 3 hours”

October 25, 2018October 26, 2018

Improved Data Security with MySQL Privileges and DreamFactory

All MySQL installations naturally include a root account and offer the ability to create restricted user accounts. However, otherwise sane developers will often use these root accounts for application-level communication, dramatically raising the likelihood of data theft, data exfiltration, and other security issues. For that reason the DreamFactory team always recommends users take care to create restricted MySQL users before using the platform to generate APIs.

In this tutorial, you’ll learn how to create a non-root MySQL user and then further restrict this user’s privileges to a specific database and even table subset. You’ll also learn how to subsequently revoke a user’s privileges to reflect changing requirements.

May 7, 2018November 13, 2018

Changing An API Key For One of Your Apps In DreamFactory

So what happens if you make a mistake and expose your admin app api_key or just need to change api_key associated with one of your apps? We have an easy workaround that doesn’t require you to have to change any of your endpoints or having to recreate an app, etc. This article shows you how to access all of your app API keys via MySQL or, if you haven’t fully started exploring DreamFactory yet, the default SQLite database.

April 20, 2018November 13, 2018

How To Configure An ELK Stack With DreamFactory

DreamFactory has had support for Logstash since version 2.3 for our Gold Tier version. Elastic makes some great tools to support very robust logging. Incorporating Elasticsearch, Logstash and Kibana into your powerful, scalable DreamFactory instance is a no brainer, especially for users who have a lot of data being pushed and pulled through various endpoints. This will make the lives of your admins so much easier with the amount of detail they can grab to troubleshoot issues. Continue reading “How To Configure An ELK Stack With DreamFactory”

August 23, 2016November 14, 2018

Generating DreamFactory client SDKs based on Swagger API definitions

We are pleased to introduce another DreamFactory community member, Phil Schuler. You may have read one of his blog posts about DreamFactory. In this tutorial, he will be demonstrating how to generate SDK’s based on API service Swagger definitions in DreamFactory. Continue reading

Category: Security

How I was port-out scammed in 3 hours

Improved Data Security with MySQL Privileges and DreamFactory

Changing An API Key For One of Your Apps In DreamFactory

How To Configure An ELK Stack With DreamFactory

Generating DreamFactory client SDKs based on Swagger API definitions

Product

Company

Community

Connect