You can increase the security of your Web application by increasing the security level of the HTTP requests. You can configure the security level of the HTTP requests in the following elements:
- UI Flows (the value specified is used as default for all Web Screens in the flow);
- Web Screens;
- Exposed SOAP Web Services;
- Exposed REST APIs.
HTTP requests are always secure in mobile apps, therefore this configuration does not apply to mobile scenarios.
To configure the HTTP security level for these elements, set its HTTP Security property to the desired value. The following types of HTTP security are available:
SSL/TLS: The HTTPS protocol is used in the requests and client certificates can be accepted but are not required;
SSL/TLS with client certificates: The HTTPS protocol is used in requests and client certificates are required (not applicable to REST APIs).
If you access an application using an explicit secure request (starting with https://), OutSystems will maintain the secure protocol while navigating over non-secure elements.
Client Certificate Actions
OutSystems provides two System Actions that you can use when you are using client certificates:
- ClientCertificateGetDetails: Returns information about the current client certificate;
- ClientCertificateValue: Returns the value of a specific property of the current client certificate.