Best Practice Security Measures

ArcGIS and Database Data Sources - Least Privilege Principle

The principle of least privilege is a security concept in which user accounts are given the minimum level of access necessary to perform their purpose. We strongly recommend you follow this principle when configuring data sources.

When configuring ArcGIS sources using authentication, it is recommended that you use an account created specifically for this purpose with read-only access to only the services you wish to make available to LocalMaps queries.

When configuring database sources, again use an account with read-only privileges. Limit the data that this account can access. Ideally stored procedures should be used as these allow much more control over permissions and better protection against any database breaches.

Custom error pages - IIS configuration

Custom error pages can be added to IIS to hide information disclosed when LocalMaps returns an error. This may affect other client applications and may make troubleshooting more difficult but might be valuable to reduce the information which can be found publicly through any external facing LocalMaps site. For more information, please have a read through the Microsoft documentation at HTTP errors.