| id | title | sidebar_position |
|---|---|---|
security |
Security Considerations |
6 |
Security is critical when enabling direct tool access through UTCP. This guide covers security considerations specific to UTCP's "manual" approach and provides practical guidance for secure implementations.
UTCP's direct communication model has unique security characteristics:
Advantages:
- No middleman to compromise
- Native security controls remain intact
- Reduced attack surface (no proxy servers)
- Existing monitoring and logging continue to work
Considerations:
- Clients must handle multiple authentication methods
- Manual endpoints become discovery targets
- Variable substitution introduces injection risks
Secure your UTCP manual endpoints:
Best Practices:
- Implement authentication for manual discovery endpoints
- Validate discovery access tokens
- Return only tools the client is authorized to see
- Filter tools based on user permissions
- Log all manual discovery attempts
{
"auth": {
"auth_type": "api_key",
"api_key": "${API_KEY}",
"var_name": "X-API-Key",
"location": "header"
}
}Secure implementation:
- Use rotating API keys with current and next key support
- Implement automatic key rotation based on time
- Store keys securely in environment variables
- Validate keys before processing requests
{
"auth": {
"auth_type": "oauth2",
"client_id": "${CLIENT_ID}",
"client_secret": "${CLIENT_SECRET}",
"token_url": "https://auth.example.com/token",
"scope": "tools:read tools:execute"
}
}{
"name": "admin_tool",
"description": "Administrative operations",
"tool_call_template": {
"call_template_type": "http",
"url": "https://api.example.com/admin/action",
"http_method": "POST",
"auth": {
"auth_type": "api_key",
"api_key": "${ADMIN_TOKEN}",
"var_name": "Authorization",
"location": "header"
}
}
}Required configurations:
{
"call_template_type": "http",
"url": "https://api.example.com/endpoint",
"verify_ssl": true,
"timeout": 30,
"headers": {
"User-Agent": "UTCP-Client/1.0",
"X-Request-ID": "${request_id}"
}
}Security checklist:
- ✅ Always use HTTPS in production
- ✅ Validate SSL certificates (
verify_ssl: true) - ✅ Set appropriate timeouts
- ✅ Include request tracking headers
- ✅ Implement retry limits
:::danger High Risk Protocol CLI execution poses significant security risks. Use with extreme caution. :::
Secure CLI implementation:
{
"call_template_type": "cli",
"commands": [
{
"command": "cd /safe/sandbox",
"append_to_final_output": false
},
{
"command": "/usr/local/bin/safe-script --input UTCP_ARG_sanitized_input_UTCP_END",
"append_to_final_output": true
}
],
"working_dir": "/safe/sandbox",
"env_vars": {
"PATH": "/usr/local/bin:/usr/bin",
"HOME": "/tmp/sandbox"
}
}Security requirements:
- ✅ Use absolute paths for commands
- ✅ Sanitize all input parameters
- ✅ Run in sandboxed environments
- ✅ Limit environment variables
- ✅ Set strict timeouts
- ✅ Validate exit codes
- ✅ Use minimal user permissions
Input sanitization requirements:
- Remove dangerous shell metacharacters:
;,&,|,`,$,(),{},[],<> - Escape inputs appropriately for shell execution
- Use parameterized command execution when possible
- Validate inputs against expected patterns
- Implement length limits for all inputs
Secure SSE configuration:
{
"call_template_type": "sse",
"url": "https://api.example.com/events",
"headers": {
"Authorization": "Bearer ${SSE_TOKEN}",
"Accept": "text/event-stream",
"Cache-Control": "no-cache"
},
"timeout": 300,
"max_events": 1000
}Security considerations:
- ✅ Authenticate SSE connections
- ✅ Set maximum event limits
- ✅ Implement connection timeouts
- ✅ Validate event data format
- ✅ Monitor for event flooding
Secure file access:
{
"call_template_type": "text",
"file_path": "/safe/data/${filename}"
}Security measures:
- ✅ Restrict file paths to safe directories
- ✅ Set maximum file size limits
- ✅ Validate file extensions
- ✅ Prevent directory traversal attacks
- ✅ Use safe encoding handling
Path validation requirements:
- Resolve all paths to absolute paths
- Check if paths are within allowed directories
- Handle symbolic links by resolving them first
- Validate against directory traversal attacks (
../) - Return false for any path resolution errors
- Use allowlists of permitted directories
Secure MCP server configuration:
{
"call_template_type": "mcp",
"config": {
"mcpServers": {
"server_name": {
"transport": "stdio",
"command": ["python", "-m", "my_mcp_server"]
}
}
}
}Security considerations:
- ✅ Use trusted MCP server implementations
- ✅ Sandbox MCP server processes
- ✅ Limit server resource usage
- ✅ Monitor server health and logs
- ✅ Implement server restart policies
Comprehensive input validation:
{
"inputs": {
"type": "object",
"properties": {
"email": {
"type": "string",
"format": "email",
"maxLength": 254
},
"age": {
"type": "integer",
"minimum": 0,
"maximum": 150
},
"tags": {
"type": "array",
"items": {"type": "string", "pattern": "^[a-zA-Z0-9_-]+$"},
"maxItems": 10
}
},
"required": ["email"],
"additionalProperties": false
}
}Server-side validation requirements:
- Use regex patterns to validate input formats (e.g.,
^[a-zA-Z0-9_-]+$for user IDs) - Implement maximum length limits for all string inputs
- Remove dangerous characters like
<>,",'from user inputs - Validate all inputs against expected schemas
- Sanitize inputs before processing
Secure variable loading requirements:
- Only allow variables with approved prefixes (e.g.,
UTCP_,API_) - Validate variable names against allowlists
- Implement length limits for variable values (e.g., max 10,000 characters)
- Check for dangerous characters in values (
<,>,",') - Use secure variable substitution methods
- Log all variable access attempts
Secure substitution requirements:
Implement variable substitution with these security measures:
- Only substitute variables matching the pattern
${variable_name} - Validate variable names contain only alphanumeric characters and underscores
- Check that all variables exist before substitution
- Sanitize variable values to prevent injection attacks
- Reject values containing dangerous characters like
<,>,",',;,& - Limit variable value length to prevent buffer overflow attacks
Minimum TLS requirements: TLS configuration requirements:
Configure secure HTTP clients with these settings:
- Enable SSL certificate verification
- Set reasonable connection timeouts (e.g., 30 seconds)
- Limit maximum connections to prevent resource exhaustion
- Use TLS 1.2 or higher as minimum version
- Enable hostname verification
- Require certificate verification (CERT_REQUIRED mode)
Enhanced certificate validation:
Implement robust certificate validation:
- Use trusted certificate authority bundles
- Enable hostname verification against certificate
- Require valid certificate chains
- Set minimum TLS version to 1.2
- Configure strong cipher suites (ECDHE+AESGCM, CHACHA20, DHE+AESGCM)
- Reject weak algorithms (aNULL, MD5, DSS)
Comprehensive security logging:
Implement security logging with these components:
- Tool Call Logging: Record all tool invocations with user ID, tool name, timestamp, success status, and parameters
- Authentication Logging: Log authentication attempts, failures, and reasons
- Structured Format: Use JSON format for easy parsing and analysis
- Sensitive Data Protection: Avoid logging sensitive information like passwords or tokens
- Audit Trail: Maintain immutable logs for compliance and forensic analysis
Basic anomaly detection:
Implement anomaly detection with these features:
- Rate Limiting: Track requests per user with configurable limits (e.g., 60 calls/minute, 1000 calls/hour)
- Time Window Management: Clean old entries and maintain sliding time windows
- Multi-tier Limits: Enforce both short-term (per minute) and long-term (per hour) rate limits
- Automatic Blocking: Reject requests that exceed configured thresholds
- Call Tracking: Record timestamps of all user requests for analysis
Security test examples:
Implement comprehensive security testing:
- Injection Prevention Tests: Test for SQL injection, command injection, and other malicious inputs
- Path Traversal Tests: Verify protection against directory traversal attacks (../../../etc/passwd)
- Rate Limiting Tests: Confirm rate limiting enforcement under high load
- Authentication Tests: Validate proper authentication and authorization
- Input Validation Tests: Test boundary conditions and malformed inputs
Automated security checks:
Implement automated security validation:
- Protocol Security: Verify HTTPS usage instead of HTTP for web requests
- Credential Detection: Check for hardcoded passwords, secrets, or API keys
- Variable Validation: Ensure proper variable substitution patterns (${variable})
- CLI Security: Validate command-line tools use absolute paths and safe commands
- URL Validation: Check for suspicious or malformed URLs
- Configuration Review: Automated scanning of UTCP manuals for security issues
- UTCP manual endpoint requires authentication
- All tool endpoints use HTTPS/WSS
- Input validation implemented for all tools
- Rate limiting configured per user/tool
- Security logging enabled
- Credentials stored securely (not hardcoded)
- SSL certificate validation enabled
- Appropriate timeouts configured
- Error messages don't leak sensitive information
- Variable substitution is sanitized
- SSL certificate verification enabled
- Connection timeouts configured
- Rate limiting respected
- Security events logged
- Credentials rotated regularly
- Network connections monitored
- Input validation before tool calls
- HTTP: HTTPS only, certificate validation
- CLI: Sandboxed execution, input sanitization
- SSE: Authenticated connections, event limits
- Text: Path validation, size limits
- MCP: Trusted servers, resource limits
By following these security guidelines, you can safely implement UTCP while maintaining strong security posture across all communication protocols.
For protocol-specific security details, see: