Mykonos Software released a new version of their flagship product Mykonos. Version 1.2 contains significant new enhancements that help extend enterprise security measures to the AJAX client. The application addresses the gap between server-side authorization, access control, and logging solutions, and a full client-side presentation layer that rarely refreshes a Web page.
Key new security features include:
User-based Access Control
Developers can apply access control rules from existing Web Access Management solutions directly to the Mykonos presentation layer. They can apply additive user, group, and role-based permissions to entire applications, individual tabs, and even specific interface components. By applying access rules to the presentation tier, developers can deliver the same application to different groups with different privileges. They can also ensure that users never see options and objects for which they do not have data access.
Seamless Client-side SSO support
Mykonos 1.2 supports single sign-on integration with SAML v2-based identity providers such as OpenSSO. Mykonos ties SSO seamlessly into the client-side application experience: users aren't redirected outside of the application to log in, and when their sessions time out they can log back in without losing application state.
Client-side Security Logging
Mykonos 1.2 provides an application logging service that goes beyond server-side logging to include client-side activity that occurs between page refreshes. The service logs general client activity, as well as specific security events, including:
- Invalid signatures on requests and responses
- Corrupted data in encrypted requests or responses
- Attempts to access nonexistent methods or applications
- Invalid login attempts
- Unusual packet delays
- Session timeouts
Selective 128-bit encryption
Mykonos provides 128-bit AES encryption as an alternative to SSL. Developers can apply AES encryption to some or all requests and responses without being constrained by cross-domain scripting restrictions or data size limits.
Several exploits, including clickjacking, rely on the ability to load an application inside an iframe element, often in an attempt to get users to click on concealed links. Mykonos 1.2 applications always own the top-level frame and automatically break out of any parent frames that are not authorized. Developers can maintain a whitelist of trusted parent frame URLs in the application's XML configuration.
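The frame-ownership check described above can be sketched as follows. This is an added example, not Mykonos code: the function names, the TRUSTED_PARENTS list (standing in for the XML whitelist) and its URLs are all assumptions made for illustration.

```javascript
// Added example; all names are hypothetical, all URLs are constructed.
// TRUSTED_PARENTS stands in for the whitelist kept in the XML configuration.
const TRUSTED_PARENTS = [
  "https://portal.example.com/",
  "https://intranet.example.com:8443/apps/",
];

// Reduce a URL to its origin; null for anything unparsable or non-HTTP(S).
function toOrigin(url) {
  try {
    const u = new URL(url);
    return u.protocol === "https:" || u.protocol === "http:" ? u.origin : null;
  } catch (e) {
    return null;
  }
}

// isTop:           window.self === window.top
// ancestorOrigins: Array.from(location.ancestorOrigins), empty if unsupported
// referrer:        document.referrer, fallback hint for the direct parent only
function framingDecision(isTop, ancestorOrigins, referrer, trusted) {
  if (isTop) return "allow";
  const allowed = new Set(trusted.map(toOrigin).filter(Boolean));
  const parents = ancestorOrigins.length > 0 ? ancestorOrigins : [referrer];
  // Compare whole origins, never string prefixes, and fail closed:
  // every ancestor must be trusted, and an unknown parent counts as untrusted.
  const ok = parents.every((p) => {
    const o = toOrigin(p);
    return o !== null && allowed.has(o);
  });
  return ok ? "allow" : "break-out";
}

// Browser wiring; skipped when no DOM is present.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  const verdict = framingDecision(
    window.self === window.top,
    Array.from(window.location.ancestorOrigins || []),
    document.referrer,
    TRUSTED_PARENTS
  );
  // Navigating the top frame to our own URL takes ownership of the window.
  if (verdict === "break-out") window.top.location = window.self.location.href;
}
```

Script-based checks like this can be bypassed by a parent that sandboxes the frame or blocks its scripts, so sites normally also send the same allowlist in a `Content-Security-Policy: frame-ancestors` response header, which the browser enforces itself.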