
This method combines the advantages of managing users and roles outside of ArangoDB in the LDAP server with the fine-grained access control within ArangoDB for the individual roles.

An alternative method (b) for authorization is to conduct a search in the LDAP server for LDAP objects representing roles a user has. The user effectively has the union of all access rights of all roles he has. The actual access rights to databases and collections for these roles are configured in ArangoDB itself. In method (a) ArangoDB acquires a list of roles the authenticated LDAP user has from the LDAP server.

Once the user is authenticated in the LDAP server, there are two methods for authorization: (a) “roles attribute” and (b) “roles search”. An ArangoDB server with LDAP certification has the access to revoke any permission database. Authorization also determines what actions a user is permitted to make once entering the system such as read/write privileges.

Access Control - Authentication

After the user’s identity has been established, it must be determined if they have permission to access the data they are querying. Encrypted backups are supported with the default storage engine RocksDB. The keyfile can be created by either an external program, or, on Linux, using a simple command. The dump is encrypted using an encryption keyfile, which must contain exactly 32 bytes of data (required by the AES block cipher). The ArangoDB server provides a variety of SSL options including: SSL Endpoints, Keyfile, CA File, SSL protocol, SSL Cipher, and SSL peer certificate (only available in Enterprise Edition).

Encrypted Backups: With the ArangoDB Enterprise Edition, AES 256 encryption of data dumps is supported. Furthermore, most modern CPUs have built-in support for hardware AES encryption, which makes it even faster.

Encryption in Transit: SSL Certification Encryption is used to protect data in transit from the database to the application. This means that your data is safe, but your database is still fast, even under load. The data is encrypted with AES-256-CTR, which is a strong encryption algorithm that is very suitable for multi-processor environments.
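The encrypted-backup keyfile described above must hold exactly 32 bytes, so a key written with a trailing newline (33 bytes) is a common mistake. The following added example, which is not ArangoDB's own tooling, creates such a keyfile on Linux and validates one before use; the function names, the file paths and the owner-only permission check are assumptions made for this example.

```shell
#!/bin/sh
# Added example: create and validate a 32-byte keyfile for encrypted dumps.
# Function names are illustrative; the permission check is extra hardening,
# not a requirement stated on this page.

KEY_BYTES=32

# check_keyfile PATH: succeed only if PATH is a regular file of exactly
# 32 bytes with no group/other permission bits (uses GNU stat, i.e. Linux).
check_keyfile() {
    path=$1
    if [ ! -f "$path" ]; then
        echo "$path: not a regular file" >&2
        return 1
    fi
    size=$(wc -c < "$path" | tr -d ' ')
    if [ "$size" -ne "$KEY_BYTES" ]; then
        echo "$path: $size bytes, expected exactly $KEY_BYTES" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$path") || return 1
    case $mode in
        *00) return 0 ;;   # e.g. 600 or 400: owner-only access
        *)   echo "$path: mode $mode allows group/other access" >&2
             return 1 ;;
    esac
}

# make_keyfile PATH: write 32 random bytes to a new owner-only file.
make_keyfile() {
    path=$1
    if [ -e "$path" ]; then
        echo "$path: exists, refusing to overwrite a key" >&2
        return 1
    fi
    (
        umask 077   # file is created 0600, never briefly world-readable
        dd if=/dev/urandom of="$path" bs=1 count="$KEY_BYTES" 2>/dev/null
    ) || return 1
    check_keyfile "$path"
}
```

Losing the keyfile makes the encrypted dump unrecoverable, so it should be stored separately from the backups it protects.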

The Encryption feature of ArangoDB will encrypt all data that ArangoDB is storing in your database before it is written to disk. ArangoDB has you covered keeping your data encrypted at all times using three different methods: Encryption at Rest, Encryption in Transit, and Encrypted Backups.

Encryption at Rest: To protect against direct reading of files that are already on a disk, ArangoDB offers Encryption at Rest. Encryption is a critical safeguard that ensures the security of the data and protects outside users from accessing data by monitoring traffic or intercepting data in transit.
