MATLAB Web App Server Security
It is strongly recommended that you consult with your IT system administrator and discuss the security implications of installing the MATLAB® Web App Server™.
Installing and running the server on your network exposes your network and file system to risks. The machine running the server is most at risk from accidental or deliberate misuse of deployed web applications. Therefore, you must install the server software only on dedicated hardware. This machine can be a physical or virtual machine whose only purpose is to host web applications that connect to the server software. Using a physical or virtual machine limits the risk in the event that the machine is compromised.
Setting up MATLAB Web App Server creates two low-privileged user accounts on the host machine—one for the server and one for applications. However, you can choose to use the same account. However, using the same account can introduce additional risks. In addition, through a process known as privilege escalation, attackers may be able to exploit bugs in the operating system or network to obtain the privileges of ordinary or even administrative users. They can then attempt to access files or other intellectual property without permission.
You may be able to mitigate some of these risks by taking these precautions:
Restrict network access: Only trusted users can access the server and its associated applications.
Execute only trusted applications: Trust applications developed by only well-known, trusted, and authenticated sources.
Limit application functionality: Include in the application only those features of MATLAB required for the application to perform its function. For more information, see Authoring Secure Web Apps.
Enable authentication: Prevent unauthorized access to web apps by enabling authentication. For details, see Authentication.
Use containers: Enable containers on the server so that web apps can run in a containerized environment. Containers provide isolation which prevents potential security vulnerabilities or misconfiguration in one container from affecting others or the host system. For details
For a list of additional risks, see Potential Risks.