This section describes the various methods provided for securing access to StreamBase Server and for enciphering private strings such as passwords in the server configuration file.
StreamBase provides several choices for organizations that need to control access to data when deploying StreamBase applications.
- 1. StreamBase Server LDAP Authentication
-
The LDAP authentication feature was moved into StreamBase Server itself from its former location in the Proxy Server. LDAP authentication offers a high level of security and provides:
-
User management through one or more LDAP servers, including Active Directory servers.
-
Authorization by user to perform specific commands based on roles.
-
- 2. SSL Authentication Through the StreamBase Proxy Server
-
The StreamBase Proxy Server runs independent of StreamBase Server and offers a high level of security using the SSL protocol. Use the Proxy Server to provide:
-
Encrypted communication.
-
Authentication of remote entities and users using either one-way or two-way SSL, and signed X.509 certificates.
To learn about using this security option, see Using the Proxy Server.
-
- 3. StreamBase Server Simple Authentication
-
This option is the simplest to configure but provides the lowest level of security. Implemented entirely through StreamBase configuration files, it provides:
-
No encryption (but see the Enciphering option below).
-
User authentication using username and password.
-
Authorization based on user roles.
To learn about using this security option, see Using StreamBase Server Simple Authentication.
-
- 4. Enciphering passwords and strings
-
You can encipher the certain values in the server configuration file so that they are not readable as plain text. StreamBase Server automatically deciphers these enciphered values. See Enciphering Passwords and Parameter Values.
The StreamBase Proxy Server and StreamBase simple authentication are mutually exclusive: you can configure only one for any StreamBase Server instance. However, there is no conflict in using both SSL and LDAP authentication at the same time.
You can use the enciphered password feature by itself or in combination with the other security options.