orber

User's Guide

Version 3.8.4

Chapters

8 How to use security in Orber

8.1  Security in Orber

Introduction

Orber SSL provides authentication, privacy and integrity for your Erlang applications. Based on the Secure Sockets Layer protocol, the Orber SSL ensures that your Orber clients and servers can communicate securely over any network. This is done by tunneling IIOP through an SSL connection. To get the node secure you will also need to have a firewall which only lets through connections to certain ports.

Enable Usage of Secure Connections

To enable a secure Orber domain you have to set the configuration variable secure which currently only can have one of two values; no if no security for IIOP should be used and ssl if secure connections is needed (ssl is currently the only supported security mechanism).

The default is no security.

Configurations when Orber is Used on the Server Side

There is a variable to conficure Orber's SSL behavior on the server side.

  • ssl_server_options - which is a list of options to ssl. See the SSL application for further descriptions on these options.

There also exist an API function for accessing the value of this variable:

  • orber:ssl_server_options/0

Configurations when Orber is Used on the Client Side

When the Orber enabled application is the client side in the secure connection the different configurations can be set per client process instead and not for the whole domain as for incoming calls.

There is a variable to set default values for the domain but they can be changed per client process.

  • ssl_client_options - which is a list of options to ssl. See the SSL application for further descriptions on these options.

There also exist two API functions for accessing and changing the values of this variable in the client processes.

Access function:

  • orber:ssl_client_options/0

Modify function:

  • orber:set_ssl_client_options/1