Securing the server

You can set up secure communication between clients and servers as well as between servers.

  • Communication between clients and servers can be secured using the SSL protocol, which you specify when connecting to the server. See Using SSL to encrypt connections to a Helix Server.

    Communication between clients and servers can also be secured using a firewall. For more information, see Using firewalls.

  • User authentication can be done using passwords or tickets, and the strength of the password can be defined by an administrator. Users can be authenticated against an Active Directory or LDAP server, or against an internal Helix Server user database. See Authentication options.
  • Access is defined using "protections" that determine which Helix Core Server commands can be run, on which files, by whom, and from which host. See Authorizing access.
  • Communication between servers in a multi-server environment can be secured using a "trust file", and by setting "protections" for the service users that own the different servers in the environment. For more information, see Create commit and edge server configurations.

Before you can configure access and authentication, you must create users as described in Users.

Recommended configurable settings for security

After installing Helix Server, it is good practice to set the following configurables:

| Purpose | Configurable | Value |
|---|---|---|
| for each user's initial password: ensures that only users with the super access level, and whose password is already set, can set an initial password | dm.user.setinitialpasswd | 0 |
| require ticket-based authentication | security | 3 or 4 |
| force new users that you create to reset their passwords | dm.user.resetpassword | 1 |
| prevent the automatic creation of new users | dm.user.noautocreate | 1 or 2 |
| hide sensitive information from unauthorized users of p4 info | dm.info.hide | 1 |
| hide user details from unauthenticated users | run.users.authorize | 1 |
| hide information contained in 'keys' from those who lack admin access. One use case is Hiding Swarm storage from regular users. | dm.keys.hide | 2 |
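
The following is an added example, not part of the Helix Server documentation: a Python check that compares the output of p4 configure show with the recommended values in the table above and lists every configurable that deviates or is not set. The "name=value (source)" line shape and the sample output are assumptions constructed for illustration.

```python
import re
import sys

# Recommended values, copied from the table above.
RECOMMENDED = {
    "dm.user.setinitialpasswd": {"0"},
    "security": {"3", "4"},
    "dm.user.resetpassword": {"1"},
    "dm.user.noautocreate": {"1", "2"},
    "dm.info.hide": {"1"},
    "run.users.authorize": {"1"},
    "dm.keys.hide": {"2"},
}

# Assumed line shape of `p4 configure show`: "name=value (source)".
LINE = re.compile(r"^([A-Za-z0-9_.]+)\s*=\s*(\S+)")

def parse_configure_show(text):
    """Return {configurable: value} parsed from `p4 configure show` style output."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            values[m.group(1)] = m.group(2)
    return values

def audit(text):
    """Return sorted (configurable, found, allowed) tuples for every deviation."""
    current = parse_configure_show(text)
    findings = []
    for name, allowed in RECOMMENDED.items():
        found = current.get(name)  # None: the configurable was not listed at all
        if found not in allowed:
            findings.append((name, found, sorted(allowed)))
    return sorted(findings, key=lambda f: f[0])

# Constructed sample output, not taken from a real server.
SAMPLE = """\
P4ROOT=/p4/root (-r)
security=2 (configure)
dm.user.noautocreate=2 (configure)
dm.info.hide=1 (configure)
dm.keys.hide=1 (configure)
"""

if __name__ == "__main__":
    # Pass a file holding saved `p4 configure show` output, or run on the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, found, allowed in audit(text):
        print(f"{name}: found {found or 'unset'}, recommended {' or '.join(allowed)}")
```

A configurable that does not appear in the output is reported as unset rather than assumed compliant, so the check fails closed.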