Security in Martini
The security of your applications is paramount, especially when dealing with sensitive data and integrating with various systems. This section provides essential information on securing your Martini environment, covering a range of topics related to authentication, authorization, encryption, and secure communication.
Topics Covered
-
Security Considerations: Explore fundamental security practices that should be implemented to protect your Martini applications.
-
Authentication and Authorization: Learn about the methods used for user authentication and authorization in the Martini environment, including the use of internal Martini users and Lonti account users.
-
SSL/TLS Configuration:
Understand how to properly configure SSL/TLS to secure communications between your applications and external services. This includes key topics such as:
- SSL Termination: Discover methods for SSL termination, which offloads SSL processing from your application servers.
- Configuring SSL: Get step-by-step instructions on configuring SSL for your Martini Server Runtime with the following certificate issuers:
- Public CA: Get step-by-step instructions on configuring SSL for your Martini Server Runtime.
- Let's Encrypt: Get step-by-step instructions on configuring SSL for your Martini Server Runtime.
- Self Signed: Get step-by-step instructions on configuring SSL for your Martini Server Runtime.
- Configuring APR: Learn how to set up the APR connector for SSL on Martini Runtime.
- Configuring HSTS: Implement HTTP Strict Transport Security (HSTS) to protect against downgrade attacks.
-
Encryption at Rest: Discover techniques for encrypting sensitive data stored in databases and other storage systems to protect it from unauthorized access.
-
Configuring Vault: Understand how to configure HashiCorp Vault for managing secrets and encryption as a service within your Martini applications.