Security Management Overview
Couchbase Server Security
Couchbase Server can be rendered highly secure. System-areas available to be managed include:
- Networked access, by administrators, users, and applications: Can be secured with TLS, using dedicated Couchbase Server-ports. Cipher-suites, TLS levels, and console-access can be individually managed. Networked communications between nodes within the cluster can also be secured: see Apply Node-to-Node Encryption for details.
- Authentication: Can be handled by passing credentials explicitly, or by means of client certificates. External (as well as Local) authentication-domains are supported; therefore, authentication-mechanisms based on Native LDAP, saslauthd, and PAM can be used. For the recommended process, see Configure LDAP.
- Authorization: Couchbase Role-Based Access Control ensures that each authenticated user is checked for the system-defined roles (and, by due association, privileges) they have been assigned. This allows access to be granted or denied, based on the type of system-resource the user is trying to access and the operation they wish to perform. Roles can be assigned by user and by group. For details, see Manage Users and Roles.
- Auditing: Can be enabled on actions performed on Couchbase Server, so that reviews can occur. See Manage Auditing.
- Certificates: These can be defined and established for the cluster. Additionally, certificates presented by clients attempting server-access can be permitted. See Manage Certificates.
- Logs: These can be redacted, ensuring that no private information is shared. Information is provided in Manage Logging.
- Sessions: Can be configured for termination following periods of user-inactivity. This is described in Manage Sessions.
See the navigation panel at the left for details of additional management procedures documented in this section.