aboutsummaryrefslogtreecommitdiffstats
path: root/lib/orber/doc/src/ch_security.xml
blob: 6b5c9b90ec18fcf5c2cb9552c37ec2235a0e8df3 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE chapter SYSTEM "chapter.dtd">

<chapter>
  <header>
    <copyright>
      <year>1999</year><year>2013</year>
      <holder>Ericsson AB. All Rights Reserved.</holder>
    </copyright>
    <legalnotice>
      Licensed under the Apache License, Version 2.0 (the "License");
      you may not use this file except in compliance with the License.
      You may obtain a copy of the License at
 
          http://www.apache.org/licenses/LICENSE-2.0

      Unless required by applicable law or agreed to in writing, software
      distributed under the License is distributed on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      See the License for the specific language governing permissions and
      limitations under the License.
    
    </legalnotice>

    <title>How to use security in Orber</title>
    <prepared></prepared>
    <docno></docno>
    <date>1999-09-01</date>
    <rev></rev>
    <file>ch_security.xml</file>
  </header>

  <section>
    <title>Security in Orber</title>

    <section>
      <title>Introduction</title>
      <p>Orber SSL provides authentication, privacy and integrity for your
        Erlang applications. Based on the Secure Sockets Layer protocol, the
        Orber SSL ensures that your Orber clients and servers can
        communicate securely over any network. 
        This is done by tunneling IIOP through an SSL connection. To get
        the node secure you will also need to have a firewall which
        only lets through connections to certain ports.</p>
    </section>

    <section>
      <title>Enable Usage of Secure Connections</title>
      <p>To enable a secure Orber domain you have to set the configuration variable 
        <em>secure</em> which currently only can have one of two values;
        <em>no</em> if no security for IIOP should be used and <em>ssl</em> if 
        secure connections is needed (<em>ssl</em> is currently the only supported 
        security mechanism).</p>
      <p>The default is no security.</p>
    </section>

    <section>
      <title>Configurations when Orber is Used on the Server Side</title>
      <p>There is a variable to conficure Orber's SSL behavior on the server side.</p>
      <list type="bulleted">
        <item><em>ssl_server_options</em> - which is a list of options to ssl. 
        See the <seealso marker="ssl:ssl">SSL</seealso> application for further 
	descriptions on these options.</item>
      </list>
      <p>There also exist an API function for accessing the value of this variable:</p>
      <list type="bulleted">
        <item>orber:ssl_server_options/0</item>
      </list>
    </section>

    <section>
      <title>Configurations when Orber is Used on the Client Side</title>
      <p>When the Orber enabled application is the client side in the secure connection the 
        different configurations can be set per client process instead and not for the whole domain
        as for incoming calls.</p>
      <p>There is a variable to set default values for the domain but they can be changed 
        per client process.</p>
      <list type="bulleted">
        <item><em>ssl_client_options</em> - which is a list of options to ssl.
        See the <seealso marker="ssl:ssl">SSL</seealso> application for further 
	descriptions on these options.</item>
      </list>
      <p>There also exist two API functions for accessing and changing the values of this 
        variable in the client processes.</p>
      <p>Access function:</p>
      <list type="bulleted">
        <item>orber:ssl_client_options/0</item>
      </list>
      <p>Modify function:</p>
      <list type="bulleted">
        <item>orber:set_ssl_client_options/1</item>
      </list>
    </section>
  </section>
</chapter>