Security Tweet

[flasht]

As I understand, when having IP and GUID anybody can run anything on my server, right? How do I protect it? I would like to make my application public through orbx... but I can't allow people to run anything...

Is it possible to run more than one instance of one application on single G2 Instance? I mean so many people could connect to one server and get own one...

[Icer5k]

You are correct - with an IP and GUID, anyone can access your server. How "secure" are you trying to make the instance? The GUID is randomly generated on boot, so it's fairly secure. If you want to ensure people can't guess it, you can restart the WebCL service and it'll generate a new GUID.

Regarding public access, you may want to look at our console AMIs - they are sandboxed to only run a single application without exposing access to the Windows or Linux desktop.

It's possible to run multiple applications in a single session (like a normal Windows desktop), but it's not currently possible to run multiple sessions per instance.

[flasht]

Not sure what you mean by console AMIs... I need to make some 3D application public, but don't want to allow user to run anything else... how do I do that?

[Icer5k]

We currently have 2 broad types and 5 individual AMIs.

We have Workstation and Console AMIs - workstation AMIs are designed for use by a user and give you a Windows or Linux graphical desktop in the cloud. Console AMIs are designed to run a single application in an isolated environment, allowing a developer to expose access to an application to end users.

You can view a list of all our AMIs here: https://aws.amazon.com/marketplace/sell ... a79ff5b65e

Since you want to make a 3D application available to the public, you should be working with the Console AMI.

[flasht]

Thank you for your response... could you please give me some link to information how to set it up? I can't find any on Amazon site... it is hard to find anything there. What I need exactly is to allow users to connect to my application, make something in there and quit... while the application saves what they did... is it even possible without allowing access to saved data to users so they couldn't delete it?

Edit:

Oh my AMI is console: ORBX_Cloud_Console_AMI

But you can run cmd and delete eveything... how to avoid it? Even when setting up shell to my application, everyone can still run anything via "START" get parameter. Any way to disable it?