Skip to end of banner
Go to start of banner

Security

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 17 Current »

TLS

A client (JCC, REST client, or Java code) that connects to SnapLogic triggered Ppipelines or the SnapLogic public API must support TLS 1.2. Additionally, users on older versions or unsupported browsers may not be able to login if the browser does not support TLS 1.2.

SnapLogic supports the default JRE settings defined in /opt/snaplogic/pkgs/jre1.8.0_45/lib/security/java.security or /opt/snaplogic/pkgs/openjdk-11.0.5+10-jre/lib/security/java.security for all outbound requests. You can read more about it in the Java documentation. For Windows users, the security file will be within the JRE_HOME environment variable.


In this Section

Java 11 on Cloudplex Instances

Starting from the 4.21 release, SnapLogic Cloudplex instances are on Java 11. If you use a combination of Java 8 and Java 11 across your Snaplex nodes, then we recommend you to have an unlimited JCE key size.

  • TLS 1.2 is supported. TLS 1.0 and TLS 1.1 are no longer industry-standard security protocols and are no longer supported.
  • SSLv3 and MD2/RSA ciphers having a key size less than 1024 are disabled by default.

Pipeline Operations

To further enhance the SnapLogic platform security, the following changes in pipeline operations are introduced:

  • Disabling external process (like popen) creation on Cloudplex via the Script Snap or a custom Snap. While external process creation support continues on Groundplex, this can be disabled upon customer request to support@snaplogic.com.
  • Disabling read/write access to files in the Snaplex installation folder while executing pipelines. Impacted folders are in the $SL_ROOT directory and include bin, cloudops, dropbox, lib, run, and broker. The proc directory (on Linux nodes) is not readable or writable. Additionally, pipelines cannot write in $SL_ROOT/run/lib. If your existing Pipelines need to access log files, then we recommend that you create a sibling log file that is stored outside of the associated Snaplex installation folder.
  • No labels