Welcome to Headwind MDM Q&A, where you can ask questions and receive answers from other members of the community.

Please do not post bug reports, missing feature requests, or demo inquiries. If you have such an inquiry, submit a contact form.

What is SHARED_SECRET ?

0 votes

1.) What is the purpose of the SHARED_SECRET variable in Headwind MDM?
2.) I noticed there is a default value for the SHARED_SECRET variable. Since I’m using the free version of Headwind MDM, is it possible to change this value, considering that others might also use the default and it could pose a security risk?

by (160 points)

1 Answer

0 votes

The shared secret (hardcoded in the mobile app and configured in the back-end) is used to sign the communication and avoid "man in the middle" attacks and unauthorized access to sensitive data.

You are completely right, it is recommended to change this value to avoid the security risk caused by using the default value.

To update the shared secret in the mobile app, get the source code, change the parameter REQUEST_SIGNATURE in app/build.gradle.

To apply settings, the mobile application needs to be rebuilt. You can build the app in Android studio or use the command

gradlew build

To update the shared secret in the back-end, edit the XML config file `/var/lib/tomcat9/conf/Catalina/localhost/ROOT.xml` and adjust the attribute hash_secret.

Both values of the shared secret must match.

by (41.2k points)
okay so I can basically change the shared_secret even though I am using free headwind mdm ?
by (160 points)
Headwind MDM Community is open source, so you can change anything including the shared secret.
by (41.2k points)
 | Snow Theme by Q2A Market
Powered by Question2Answer
...