blob: 6b5c9b90ec18fcf5c2cb9552c37ec2235a0e8df3 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE chapter SYSTEM "chapter.dtd">
<chapter>
<header>
<copyright>
<year>1999</year><year>2013</year>
<holder>Ericsson AB. All Rights Reserved.</holder>
</copyright>
<legalnotice>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
</legalnotice>
<title>How to use security in Orber</title>
<prepared></prepared>
<docno></docno>
<date>1999-09-01</date>
<rev></rev>
<file>ch_security.xml</file>
</header>
<section>
<title>Security in Orber</title>
<section>
<title>Introduction</title>
<p>Orber SSL provides authentication, privacy and integrity for your
Erlang applications. Based on the Secure Sockets Layer protocol, the
Orber SSL ensures that your Orber clients and servers can
communicate securely over any network.
This is done by tunneling IIOP through an SSL connection. To get
the node secure you will also need to have a firewall which
only lets through connections to certain ports.</p>
</section>
<section>
<title>Enable Usage of Secure Connections</title>
<p>To enable a secure Orber domain you have to set the configuration variable
<em>secure</em> which currently only can have one of two values;
<em>no</em> if no security for IIOP should be used and <em>ssl</em> if
secure connections is needed (<em>ssl</em> is currently the only supported
security mechanism).</p>
<p>The default is no security.</p>
</section>
<section>
<title>Configurations when Orber is Used on the Server Side</title>
<p>There is a variable to conficure Orber's SSL behavior on the server side.</p>
<list type="bulleted">
<item><em>ssl_server_options</em> - which is a list of options to ssl.
See the <seealso marker="ssl:ssl">SSL</seealso> application for further
descriptions on these options.</item>
</list>
<p>There also exist an API function for accessing the value of this variable:</p>
<list type="bulleted">
<item>orber:ssl_server_options/0</item>
</list>
</section>
<section>
<title>Configurations when Orber is Used on the Client Side</title>
<p>When the Orber enabled application is the client side in the secure connection the
different configurations can be set per client process instead and not for the whole domain
as for incoming calls.</p>
<p>There is a variable to set default values for the domain but they can be changed
per client process.</p>
<list type="bulleted">
<item><em>ssl_client_options</em> - which is a list of options to ssl.
See the <seealso marker="ssl:ssl">SSL</seealso> application for further
descriptions on these options.</item>
</list>
<p>There also exist two API functions for accessing and changing the values of this
variable in the client processes.</p>
<p>Access function:</p>
<list type="bulleted">
<item>orber:ssl_client_options/0</item>
</list>
<p>Modify function:</p>
<list type="bulleted">
<item>orber:set_ssl_client_options/1</item>
</list>
</section>
</section>
</chapter>
|