Fábio Dias wrote:
Hi,
Can someone tell me which protocol Outsystems use to communicate between the client and the server in mobile apps when it runs a server action?
I've read this: https://success.outsystems.com/Documentation/10/Developing_an_Application/Implement_Application_Logic/Actions_in_Mobile_Apps but it didn't answer my question.
Thank you!
Hi Fabio,
Secure data in transit
In addition to securing the device and the app, the channel that transports sensitive information between the backend and the device should also be considered.
Mobile applications created with OutSystems require that all communication uses the HTTPS protocol with a valid certificate. This ensures that all data transferred across the channel is encrypted.
Take care of the man in the middle
Even with an encrypted channel you should prevent man-in-the-middle attacks by validating the origin of the information you receive. This is achieved with a technique called SSL pinning which validates the certificate used to encrypt the information in the communication channel matches the one you expect.
Implementing SSL pinning in OutSystems mobile apps is simple using the SSL pinning plugin.
Reaching your corporate network
Many times your mobile apps need to communicate with a backend that resides behind firewalls in the corporate network. The usual approach is to use a VPN to securely access the corporate network. This means that a VPN configuration needs to be set in the device so the applications can reach the backend.
Operating systems allow creating these VPN connections but this imposes not only a configuration issue - the end user needs to know how to configure it and to switch the connection on before using the app - but also a security issue. A system-wide VPN configuration means that any app that runs on the device also has access to the corporate network.
MAM tools allow the configuration of per-app VPNs, which solve both problems. Since the configuration is bundled in the app, the user no longer needs to perform this configuration on the device. When the app starts, the VPN connection is established automatically. Only that app can use the VPN tunnel to communicate with the backend, preventing other apps from accessing the corporate network.
For more information about this....Please refer below document link
Enjoy !!!
Best Regards,
Amit Verma