5.1 Security Considerations for Implementers

The server might be returning potentially sensitive data in its responses. Therefore, it is strongly recommended that the server be configured to use GSS-API-based encryption over TCP or Secure Sockets Layer (SSL) over HTTPS to ensure the integrity of the data and to prevent tampering and unauthorized access.

There are two strategies for reducing the impact of denial-of-service (DOS) attacks against the server. These strategies are as follows:

  • Authentication is enabled, and access is denied to unauthenticated clients. This process allows a user to quickly disable access to rogue client machines. Authentication is always enabled for the MDS service.

  • No single request takes too much processing time on the server. This ensures that any attacker must keep up a steady stream of requests to deny access to the server, so a simple network trace allows the attacking machine to be identified and shut down. This process applies to requests that are sent by "spoof clients" (for example, a virus that emulates a client and tries to pass an unbounded request or a long-running MDX query).
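As an added illustration of the second strategy (example code, not part of the specification), the following Python simulates a per-request processing budget and the trace analysis it makes possible: once no single request can cost more than the budget, an attacker's total impact grows only with request count, which is exactly what a per-client sliding-window count over the trace exposes. The trace records, client addresses, budget and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Assumed per-request processing budget in milliseconds (not a value from the spec).
MAX_REQUEST_MS = 500

# Constructed trace: (client address, arrival time in ms, requested processing ms).
# 10.0.0.99 plays the spoof client: a steady stream plus one long-running query.
TRACE = (
    [("10.0.0.99", i * 100, 40) for i in range(20)]
    + [("10.0.0.99", 2100, 5000)]          # the unbounded / long-running request
    + [("10.0.0.5", 300, 120), ("10.0.0.5", 1900, 90), ("10.0.0.7", 800, 60)]
)


def bound_request(processing_ms, budget_ms=MAX_REQUEST_MS):
    """Strategy 2: abort any request that would exceed the budget.
    Returns (status, server_ms_actually_spent)."""
    if processing_ms > budget_ms:
        return ("aborted", budget_ms)
    return ("ok", processing_ms)


def server_time_per_client(trace, budget_ms=MAX_REQUEST_MS):
    """Total server time each client can consume once every request is bounded."""
    spent = defaultdict(int)
    for client, _, ms in trace:
        spent[client] += bound_request(ms, budget_ms)[1]
    return dict(spent)


def find_flooders(trace, window_ms, max_requests):
    """Per-client sliding window over arrival times; flags any client whose
    request count in some window exceeds max_requests. Returns {client: peak}."""
    arrivals = defaultdict(list)
    for client, ts, _ in trace:
        arrivals[client].append(ts)
    flagged = {}
    for client, times in arrivals.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window_ms:   # drop arrivals outside the window
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_requests:
            flagged[client] = peak
    return flagged


if __name__ == "__main__":
    print(server_time_per_client(TRACE))
    print(find_flooders(TRACE, window_ms=1000, max_requests=5))
```

The bounded server time (1260 ms for the spoof client instead of 5760 ms unbounded) shows why the attacker is forced into a steady stream, and the flooder check shows that stream standing out from the two legitimate clients.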