Face SDK Security
This documentation provides guidelines to ensure the robustness and safety of your Face SDK implementation.
Securing Network Connections
For secure data transmission, use HTTPS connections so that traffic between clients and the Web Service is encrypted in transit.
Authentication of Requests
The Face SDK Web Service has no built-in authentication and processes every incoming request. To mitigate the risk of unauthorized or malicious usage, it is strongly recommended not to expose the Web Service directly to the public Internet.
For enhanced security, you need to deploy the Web Service within a closed network perimeter, such as a demilitarized zone (DMZ), and configure a proxy server at the entry point.
The simplest method to establish secure access is as follows:
1. Set up Basic authentication on the proxy server. This authentication mechanism requires clients to provide valid credentials to access the Web Service.
2. When sending a request to the Web Service, include the appropriate authentication header:
- Configuring headers on Web Service
- Configuring headers on Mobile
- Configuring headers on Web Components
3. The incoming request is authenticated by the proxy server.
4. If the authentication process succeeds, the request is forwarded to the Web Service for processing.
5. If authentication fails, the request is rejected.
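The five steps above, modelled end to end as an added example (this is not Face SDK or proxy-vendor code): the client builds the Basic Authorization header, the proxy validates it against a salted-hash credential store with a constant-time comparison, and only then forwards to the Web Service. The user name, password, `fake_web_service` stand-in and the realm name are constructed for the example.

```python
"""Added example, not Face SDK code: a minimal model of the proxy-side
Basic authentication flow in front of the Face SDK Web Service.
User names, passwords and the forwarding function are constructed."""
import base64
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def make_credential_store(users: dict) -> dict:
    """Builds a salted-hash store {user: (salt, hash)}; a real proxy keeps
    this in its own password file, never plain-text passwords."""
    store = {}
    for name, password in users.items():
        salt = secrets.token_bytes(16)
        store[name] = (salt, _hash_password(password, salt))
    return store


def build_basic_auth_header(user: str, password: str) -> str:
    """Client side (step 2): the Authorization header sent with each request."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def authenticate(header, store: dict) -> bool:
    """Proxy side (step 3): True only if the header carries valid credentials."""
    if not header or header[:6].lower() != "basic ":
        return False
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return False  # malformed token: reject rather than raise
    user, sep, password = decoded.partition(":")
    if not sep or user not in store:
        return False
    salt, expected = store[user]
    # Constant-time comparison so a wrong password leaks no timing signal.
    return hmac.compare_digest(_hash_password(password, salt), expected)


def handle_request(headers: dict, store: dict, forward) -> tuple:
    """Steps 3-5: authenticate, then forward to the Web Service or reject
    with 401 and the challenge that prompts the client for credentials."""
    if authenticate(headers.get("Authorization"), store):
        return forward(headers)
    return 401, {"WWW-Authenticate": 'Basic realm="face-sdk"'}


def fake_web_service(headers: dict) -> tuple:
    """Stand-in for the real Face SDK Web Service (constructed)."""
    return 200, {"result": "processed"}
```

Because Basic credentials travel base64-encoded rather than encrypted, this scheme only protects the Web Service when the proxy terminates HTTPS, as the previous section requires; the credential store should also live on the proxy, not on the Web Service host.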
CSP Nonce for Web Components
Content Security Policy Nonce (CSP Nonce) is a security mechanism that prevents injected content, such as a script an attacker has managed to place in a page, from running. It works by associating a unique cryptographic token, known as a "nonce", with specific web content.
CSP Nonce ensures that only approved scripts and resources run on a web page. The server generates a fresh nonce for each response, embeds it in the page's script tags and lists it in the Content-Security-Policy header. The browser refuses to execute any script that does not carry the correct nonce, protecting users from injected content.
To enable Content Security Policy support for the Face SDK Web Components, use the nonce setting. For details, consult the Web Components documentation.
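The server-side half of the mechanism just described, as an added example rather than Face SDK code: generating a per-response nonce from the OS CSPRNG, emitting the matching Content-Security-Policy header, and a small model of the browser's decision for each script tag. The page template, the script path `/static/face-sdk-components.js` and the injected markup are constructed; the real Web Components take the nonce through their own `nonce` setting.

```python
"""Added example, not Face SDK code: server-side CSP nonce generation,
the matching response header, and a model of the browser's check.
The page template and the injected script are constructed."""
import base64
import re
import secrets

NONCE_BYTES = 16  # 128 bits from the OS CSPRNG; enough to be unguessable


def generate_nonce() -> str:
    """A fresh nonce per HTTP response (never reused across responses)."""
    return base64.b64encode(secrets.token_bytes(NONCE_BYTES)).decode("ascii")


def csp_header(nonce: str) -> str:
    """Value of the Content-Security-Policy header for this response."""
    return (
        "default-src 'self'; "
        f"script-src 'nonce-{nonce}'; "
        "object-src 'none'; base-uri 'self'"
    )


def render_page(nonce: str, injected_html: str = "") -> str:
    """The page body: the Web Component's script carries the nonce attribute;
    injected_html stands for untrusted content that reached the page."""
    return (
        "<html><body>"
        f'<script nonce="{nonce}" src="/static/face-sdk-components.js"></script>'
        f"{injected_html}"
        "</body></html>"
    )


_SCRIPT_RE = re.compile(r"<script\b([^>]*)>", re.IGNORECASE)
_NONCE_ATTR_RE = re.compile(r'nonce="([^"]*)"')
_NONCE_SRC_RE = re.compile(r"'nonce-([^']+)'")


def allowed_nonces(header: str) -> set:
    """Nonces the script-src directive of a CSP header accepts."""
    for directive in (d.strip() for d in header.split(";")):
        if directive.startswith("script-src"):
            return set(_NONCE_SRC_RE.findall(directive))
    return set()


def browser_decisions(page: str, header: str) -> list:
    """Models the browser: for each <script> tag, True if it may execute."""
    permitted = allowed_nonces(header)
    decisions = []
    for match in _SCRIPT_RE.finditer(page):
        attr = _NONCE_ATTR_RE.search(match.group(1))
        decisions.append(attr is not None and attr.group(1) in permitted)
    return decisions
```

Two properties matter for the protection to hold: the nonce must come from a cryptographic random source and must be generated anew for every response, so that a value observed in one page is useless for another; and the header must be sent by the server, since a policy delivered only in a `<meta>` tag cannot cover content that precedes it.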
Certificate Pinning
Certificate Pinning is a crucial security mechanism that strengthens trust in the server's identity in mobile applications. By implementing certificate pinning, an application establishes a secure and verified connection with a designated server, mitigating the risk of man-in-the-middle attacks.
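The pinning check itself, written in Python as an added illustration of the mechanism (the mobile SDKs apply the same idea in their own platform code; this is not Face SDK code): the app hashes the DER certificate it receives during the TLS handshake and refuses the connection unless the fingerprint is on its pinned list. The `PinMismatch` exception, the `connect_pinned` helper and the placeholder certificate bytes are constructed for the example.

```python
"""Added example, not Face SDK code: a certificate-pinning check written in
Python to illustrate the mechanism the mobile SDKs apply. The pinned
fingerprints and the DER bytes in the usage are constructed placeholders."""
import hashlib
import socket
import ssl


class PinMismatch(Exception):
    """Raised when the server's certificate is not one the app trusts."""


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def check_pin(der_cert: bytes, pins: set) -> bool:
    """True if the certificate matches one of the pinned fingerprints.
    Pin at least two (current plus backup) so a rotation does not lock
    the app out of its own backend."""
    return fingerprint(der_cert) in pins


def connect_pinned(host: str, port: int, pins: set, timeout: float = 5.0) -> ssl.SSLSocket:
    """Opens a TLS connection and refuses to use it unless the peer
    certificate is pinned. Normal chain validation still runs first, so
    pinning narrows the trusted set rather than replacing validation."""
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    der = tls.getpeercert(binary_form=True)
    if not check_pin(der, pins):
        tls.close()  # never send application data over an unpinned session
        raise PinMismatch(f"{host}: certificate {fingerprint(der)} is not pinned")
    return tls


if __name__ == "__main__":
    # Constructed placeholder bytes, not a real certificate.
    placeholder_cert = b"constructed placeholder, not a real DER certificate"
    pinned = {fingerprint(placeholder_cert)}
    print("placeholder pinned:", check_pin(placeholder_cert, pinned))
```

This variant pins the whole leaf certificate, which is the simplest form but breaks every time the certificate is renewed; pinning the hash of the certificate's public key (SPKI) instead survives renewals that keep the same key pair. Whichever is chosen, the set of pins must be updated in the app before the server side changes, which is why a backup pin is kept.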