[Quickfixj-users] Seeking Advice on Implementing QFJ Acceptor with Internet Connectivity

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Dear QFJ Community,

I hope this message finds you well.

I am currently exploring the possibility of configuring a QuickFIX/J (QFJ)
acceptor that allows connections over the internet. Given the security
implications, I would greatly appreciate your guidance on best practices
and any suggestions you might have.

Here is the approach I am considering:

   1. Firewall Configuration: Only allow connections from whitelisted IP
   addresses to ensure that only trusted clients can reach the acceptor
   application.
   2. Mutual TLS (mTLS): Implement mTLS for client and server
   authentication, ensuring that both parties are verified via certificates.
   3. Encrypted Data: Use SSL/TLS to encrypt all data transmitted over the
   FIX session.
   4. Session Password: Require a password for the FIX session to add an
   additional layer of security.

I believe that combining these measures will provide a robust security
framework for our QFJ acceptor. However, I am seeking confirmation from the
community and any additional recommendations you might have.

Thank you in advance for your time and assistance.

Best regards, Felipe Windmoller