Security

Authentication

[Basic authentication, api key. Admin user. Public user. Database level authentication.]

Authorization

[Database, user and query configuration. Database level authorization.]

HTTPS/SSL

HTTPS provides authentication of the web server and encryption of communication between client and server. It's strongly recommended to use it especially that it's easily configurable for SlashDB.

To enable HTTP Secure you will require a private key and a signed certificate and access to instance of SlashDB via SSH. For testing or development purposes only you may generate a self-signed certificate.

Add or edit NGINX directives listen, ssl_certificate ssl_certificate_key to /etc/slashdb/nginx/nginx.conf file

server_name your-slashdb.com;
listen 80;
listen 443 ssl;
ssl_certificate /path/to/ssl/server.crt;
ssl_certificate_key /path/to/ssl/server.key;

and restart NGINX server

sudo /etc/init.d/nginx restart

It's also important to remember to allow inbound traffic on port 443 especially for Microsoft Azure or Amazon EC2

Creating self-signed SSL certificate

  1. Generate a private key

  2. Generate a CSR (Certificate Signing Request)

  3. Remove Passphrase from Key

  4. Generate a Self-Signed Certificate

  5. Cross-Origin Resource Sharing (CORS)

results matching ""

    No results matching ""