Security

TLS

A client (JCC, REST client, or Java code) that connects to SnapLogic triggered Pipelines or the SnapLogic public API must support TLS 1.2. Additionally, users on older versions or unsupported browsers may not be able to login if the browser does not support TLS 1.2.

SnapLogic supports the default JRE settings defined in /opt/snaplogic/pkgs/jre1.8.0_45/lib/security/java.security or /opt/snaplogic/pkgs/openjdk-11.0.5+10-jre/lib/security/java.security for all outbound requests. You can read more about it in the Java documentation. For Windows users, the security file will be within the JRE_HOME environment variable.


Pipeline Operations

To further enhance the SnapLogic platform security, the following changes in pipeline operations are introduced:

  • Disabling external process (like popen) creation on Cloudplex via the Script Snap or a custom Snap. While external process creation support continues on Groundplex, this can be disabled upon customer request to support@snaplogic.com.
  • Disabling read/write access to files in the Snaplex installation folder while executing pipelines. Impacted folders are in the $SL_ROOT directory and include bin, cloudops, dropbox, lib, run, and broker. The proc directory (on Linux nodes) is not readable or writable. Additionally, pipelines cannot write in $SL_ROOT/run/lib. If your existing Pipelines need to access log files, then we recommend that you create a sibling log file that is stored outside of the associated Snaplex installation folder.