{"id":42,"date":"2017-11-06T16:24:18","date_gmt":"2017-11-06T16:24:18","guid":{"rendered":"https:\/\/bioimage.coe.drexel.edu\/mp\/leverjs\/?page_id=42"},"modified":"2017-11-27T22:58:31","modified_gmt":"2017-11-27T22:58:31","slug":"security","status":"publish","type":"page","link":"https:\/\/bioimage.coe.drexel.edu\/mp\/leverjs\/security\/","title":{"rendered":"security"},"content":{"rendered":"<p>leverjs uses multiple layers of security. there is a firewall first that controls access to the ports opened up by the leverjs servers. then there is a reverse proxy web server that routes the incoming requests. i really like nginx for this &#8212; config info to follow in another post. both the firewall and the reverse proxy can control access by ip addresses and ranges, or even by individual machine addresses.<\/p>\n<p>beyond firewall and reverse proxy, there are two additional security systems used by leverjs. both are built on top of JSON web tokens (jwt). check out <a href=\"https:\/\/jwt.io\">https:\/\/jwt.io<\/a> for more info on this technology. I really like the use of cryptographic hashing for digital signatures.<\/p>\n<p>the first security system is for UI (human) access to the leverjs server, via the web browser. for this, i&#8217;ve been using a free service from a website called auth0 (<a href=\"https:\/\/auth0.com\">https:\/\/auth0.com<\/a>). more details on this configuration coming soon&#8230;<\/p>\n<p>the second security system is for programmatic access to the api, e.g. HTTPS PUSH commands from a client like MATLAB, Python or even CURL. These use JSON web tokens directly using functionality built into leverjs. See <a href=\"https:\/\/git-bioimage.coe.drexel.edu\/opensource\/leverjs\/blob\/master\/leverjs\/keyGen.js\">leverjs\/keygen.js<\/a> for details on generating and server.js for verifying signatures. 
See <a href=\"https:\/\/git-bioimage.coe.drexel.edu\/opensource\/leverjs\/blob\/master\/matlab\/+JWT\/getJWT.m\">matlab\/JWT\/getJWT.m<\/a> for details on how to obtain and set JWT credentials on API calls.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>leverjs uses multiple layers of security. there is a firewall first that controls access to the ports opened up by the leverjs servers. then there is a reverse proxy web server that routes the incoming requests. i really like nginx for this &#8212; config info to follow in another post. both the firewall and the &hellip; <a href=\"https:\/\/bioimage.coe.drexel.edu\/mp\/leverjs\/security\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;security&#8221;<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"_links":{"self":[{"href":"https:\/\/bioimage.coe.drexel.edu\/mp\/leverjs\/wp-json\/wp\/v2\/pages\/42"}],"collection":[{"href":"https:\/\/bioimage.coe.drexel.edu\/mp\/leverjs\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/bioimage.coe.drexel.edu\/mp\/leverjs\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/bioimage.coe.drexel.edu\/mp\/leverjs\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/bioimage.coe.drexel.edu\/mp\/leverjs\/wp-json\/wp\/v2\/comments?post=42"}],"version-history":[{"count":6,"href":"https:\/\/bioimage.coe.drexel.edu\/mp\/leverjs\/wp-json\/wp\/v2\/pages\/42\/revisions"}],"predecessor-version":[{"id":70,"href":"https:\/\/bioimage.coe.drexel.edu\/mp\/leverjs\/wp-json\/wp\/v2\/pages\/42\/revisions\/70"}],"wp:attachment":[{"href":"https:\/\/bioimage.coe.drexel.edu\/mp\/leverjs\/wp-json\/wp\/v2\/media?parent=42"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}