Pre-Release Checklist

Before releasing your application, review it against the best practices below to ensure its security and performance. The checklist in this article is a good starting point, but does not claim to be exhaustive.

With regard to the app's backend, go through these tasks before releasing your app.

Tighten content type permissions

Go over all your content types and double-check their permissions.

  • You might have relaxed certain permissions to ease development or testing. Turn them back to the values you have designed for them.
  • Depending on your application type, you may want to completely forbid anonymous access to your content types, even for reading.
  • If you rely on role-based permissions, ensure that the permissions for the various roles in your app are set according to your security design.

Tighten Business Logic permissions

Business Logic permissions are role-based.

  • Ensure that you have a good role strategy.
  • Ensure that you have assigned the minimum required permissions to each role.

Make secure requests to the backend

Ensure that you specify HTTPS when composing a RESTful request.

Secure your Data Connectors

Ensure that you've implemented the security recommendations for setting up a Data Link Server in case you are using one.

Tighten push notifications security and upload production certificates

Disable Business Logic logging and remove old logs

Business Logic logs count towards your application's total storage quota.

  • Delete all log messages that have accumulated during development and testing. This ensures that your live app starts with full storage capacity.
  • If you expect your Business Logic to create excessive logging, either completely disable it or configure a log retention policy.

Empty event subscriptions in Cloud Code

Avoid keeping empty event handlers, where the only thing that you do is call done(). Such handlers take additional time to execute, decreasing performance. Either comment them out or delete them from your code.

Remove any master key usage from the client code

The master key is only meant to be used from secure code such as server-side code behind the company firewall or Cloud Code. Your app code can easily be reverse-engineered to reveal your master key, so it is not considered secure.

  • Search your app code for master key usage and remove it.

Remove any debug headers

Operations for which you specify the X-Everlive-Debug header are run with debugging turned on. This may slow down your app.

  • Search your app code for the header and remove it.
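The searches called for above (master key usage, the X-Everlive-Debug header, non-HTTPS requests, and Cloud Code handlers that only call done()) can be combined into one release-gate scan. The following is an added example, not code from the vendor or the original page. The match patterns, the sample sources, and the name scanSource are assumptions made for illustration.

```javascript
// Added example, not vendor code. Assumptions: the master key sits next to the
// word "masterkey" (any case), and Cloud Code handlers are written as plain
// `function (...) { ... }` expressions.
const RULES = [
  { id: "master-key", scope: "client", re: /master[_-]?key/gi,
    hint: "master key must not ship in client code" },
  { id: "debug-header", scope: "any", re: /X-Everlive-Debug/gi,
    hint: "remove the debug header before release" },
  { id: "plain-http", scope: "any",
    re: /\bhttp:\/\/(?!localhost\b|127\.0\.0\.1\b)/gi,
    hint: "use https:// for backend requests" },
  // Matches a handler whose entire body is a single done() call.
  { id: "empty-handler", scope: "cloud",
    re: /function\s*\([^)]*\)\s*\{\s*done\s*\(\s*\)\s*;?\s*\}/g,
    hint: "delete or comment out the empty handler" },
];

// kind is "client" (shipped app code) or "cloud" (Cloud Code, where the page
// allows the master key). Returns findings sorted by line number.
function scanSource(file, text, kind) {
  const findings = [];
  for (const rule of RULES) {
    if (rule.scope !== "any" && rule.scope !== kind) continue;
    for (const m of text.matchAll(rule.re)) {
      // Convert the match offset into a 1-based line number.
      const line = text.slice(0, m.index).split("\n").length;
      findings.push({ file, line, rule: rule.id, hint: rule.hint });
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample inputs (placeholder key, host and handler code).
const CLIENT_SAMPLE = [
  'var headers = {',
  '  "Authorization": "MasterKey PLACEHOLDER_KEY",',
  '  "X-Everlive-Debug": true',
  '};',
  'fetch("http://api.example.invalid/v1/APP_ID/Orders", { headers: headers });',
].join("\n");
const CLOUD_SAMPLE = [
  'Everlive.Events.beforeRead(function (request, context, done) {',
  '  done();',
  '});',
  'Everlive.Events.afterCreate(function (request, response, context, done) {',
  '  var started = Date.now();',
  '  done();',
  '});',
].join("\n");

for (const f of [...scanSource("app.js", CLIENT_SAMPLE, "client"),
                 ...scanSource("cloud.js", CLOUD_SAMPLE, "cloud")]) {
  console.log(`${f.file}:${f.line} [${f.rule}] ${f.hint}`);
}
```

Feed each source file's contents to scanSource in your build and fail the release when any finding is returned. Handlers disabled with a block comment are still flagged, so review those by hand.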

Subscribe to the status page

The page at status.telerik.com provides timely information about current incidents as well as the history of past incidents. You can subscribe to notifications over email, SMS, RSS, and Atom, which will allow you to notify your users about any maintenance or downtime expected.

Copyright © 2016-2017, Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.