Sensitive information can be exposed through JMX and Java. Tomcat and
Spotfire Server provide management capabilities to restrict access through authentication, authorization, and encryption security features. Also, as a security measure, the JMX RMI connector is disabled by default, so the administrator must enable it.
| Security feature | Description | Default setting |
| --- | --- | --- |
| Authentication | Spotfire Server applies the existing database authentication mechanism using a separate database table. Passwords are obscured with hash marks. You can use the same principal names across an entire Spotfire Server cluster. | Enabled. |
| Authorization | You can configure authorization to specify the level of user permissions. If a user has only read permissions, the user can only read attribute values. If a user has read-and-write permissions, the user can read and modify any writable attributes. JMX accounts and credentials are separated from Spotfire accounts and credentials; the JMX accounts are used only for monitoring. | Enabled. Note: Authorization works only with the default authentication implementation. |
| Encryption | You can configure the Remote Method Invocation (RMI) connector to encrypt the traffic using Transport Layer Security (TLS). This configuration is recommended; otherwise, user names and passwords are transmitted in plain text. | Not enabled. Note: Encryption configuration requires a certificate. |
| Firewall | You can configure a firewall to allow traffic to the desired ports. The RMI registry and the RMI connector share a common port (1099) to simplify firewall configuration. | |
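The encryption and firewall rows above describe three properties an administrator wants to verify on a running server: the connector is authenticated, it speaks TLS, and the registry and connector share one port so a single firewall rule covers them. The following shell script is an added example, not part of the Spotfire documentation or product; it assumes the JVM exposes JMX through the standard JDK `com.sun.management.jmxremote.*` system properties (Spotfire Server's own configuration mechanism is not shown here, and the two option strings and the `/path/to/...` file names are constructed samples). It audits an option string, reports the weak settings the page warns about, and accepts the corrected configuration.

```shell
#!/bin/sh
# Added example (not Spotfire's own code): audit a JVM option string for the
# standard JDK JMX remote properties. Assumes the stock
# com.sun.management.jmxremote.* mechanism; paths below are placeholders.

# Constructed sample: the weak configuration the page warns about
# (no TLS, no authentication, and only the registry port pinned).
WEAK_OPTS='-Dcom.sun.management.jmxremote.port=1099 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false'

# Constructed sample: the corrected configuration. Registry and connector
# share port 1099 (one firewall rule), TLS is on, authentication is on.
HARDENED_OPTS='-Dcom.sun.management.jmxremote.port=1099 -Dcom.sun.management.jmxremote.rmi.port=1099 -Dcom.sun.management.jmxremote.ssl=true -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=/path/to/jmxremote.password -Dcom.sun.management.jmxremote.access.file=/path/to/jmxremote.access'

# jmx_prop OPTS NAME: print the value of -Dcom.sun.management.jmxremote.NAME=VALUE
# from a space-separated option string, or nothing if it is not set.
jmx_prop() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^-Dcom\.sun\.management\.jmxremote\.$2=//p"
}

# jmx_audit OPTS: return 0 if the option string passes all checks, 1 otherwise.
# One line is printed per finding.
jmx_audit() {
    opts=$1
    rc=0
    port=$(jmx_prop "$opts" port)
    rmi_port=$(jmx_prop "$opts" rmi.port)
    ssl=$(jmx_prop "$opts" ssl)
    auth=$(jmx_prop "$opts" authenticate)

    if [ -z "$port" ]; then
        echo "no jmxremote.port set: remote JMX is not enabled (the documented default)"
        return 0
    fi
    # The JDK treats ssl and authenticate as true when unset; an explicit false is the finding.
    if [ "$ssl" = "false" ]; then
        echo "FINDING: jmxremote.ssl=false, user names, passwords and attribute data cross the network in plain text"
        rc=1
    fi
    if [ "$auth" = "false" ]; then
        echo "FINDING: jmxremote.authenticate=false, any client reaching port $port can read and write MBeans"
        rc=1
    fi
    if [ "$rmi_port" != "$port" ]; then
        echo "FINDING: rmi.port (${rmi_port:-unset}) differs from port ($port); the connector may use a port your firewall rule does not cover"
        rc=1
    fi
    return $rc
}

# Usage: audit both constructed samples. The weak one reports three findings,
# the hardened one reports none.
jmx_audit "$WEAK_OPTS"
jmx_audit "$HARDENED_OPTS"
```

The same function can be pointed at a live process by passing the JVM's argument list (for example the output of `ps -o args= -p <pid>`) instead of a constructed string; the checks are the same three the table describes.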