37.1 Securing the Vibe Data

37.1.1 Limiting Physical Access to Vibe Servers

Servers where Novell Vibe data resides should be kept physically secure, so unauthorized persons cannot gain access to the server consoles.

37.1.2 Protecting the Vibe File Repository

The Novell Vibe file repository contains unencrypted data. See Distributing Different Data Types to Different Locations in Advanced Installation and Reconfiguration in the Novell Vibe 3.2 Installation Guide for details about how Vibe uses the local file system for data storage. These directories contain uploaded information in various formats (both native file formats and potentially a number of rendered formats, such as cached HTML versions of files, thumbnails, and RSS feeds), as well as archived data. These files are managed exclusively by the Vibe application software.

For data security, encrypted file systems should be used on servers where Vibe data resides. Only Vibe administrators should have direct access to Vibe data.

37.1.3 Protecting the Vibe Database

During installation, you select the encryption method that you want to use for the Vibe database, as described in Database Encryption Algorithm in Basic Installation in the Novell Vibe 3.2 Installation Guide. Three levels of encryption strength are available. The encryption algorithm cannot be changed after you have started using the Vibe database, so be sure to select the level of encryption appropriate for your Vibe site during initial installation.

Depending on your local security guidelines, you might want to encrypt the database connections between the Vibe software and the Vibe database. Using SSL to encrypt data between the Vibe application and the database server imposes a performance penalty because of the increased overhead of encrypting and decrypting the retrieved data.

Support for SSL-encrypted database connections is highly dependent on the database client drivers and JDBC connector support, and on how you are configuring your database client and server certificates. You should check with your database vendor on how to set up SSL connections on both the client and server sides of the connection. You might need to modify the JDBC URL during installation, as described in Database Location in Basic Installation in the Novell Vibe 3.2 Installation Guide. For example, for MySQL, you might add useSSL=true&requireSSL=true to the options part of the JDBC URL.
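
The following is an added example, not part of the Novell documentation or the Vibe software: a small Python check that a MySQL JDBC URL carries both options named above, which can be run against the URL before it is entered in the installer. The function name, the sample host db.example.com, and the database name vibedb are assumptions made for illustration.

```python
from urllib.parse import parse_qs

# The two MySQL options the guide names for the options part of the JDBC URL.
# Option names are matched exactly as the guide spells them.
REQUIRED = ("useSSL", "requireSSL")

def audit_mysql_jdbc_url(url):
    """Return a list of findings; an empty list means both options are 'true'."""
    # Tolerate a URL pasted from an XML file, where '&' is written '&amp;'.
    url = url.strip().replace("&amp;", "&")
    if not url.startswith("jdbc:mysql://"):
        return ["not a jdbc:mysql:// URL"]
    _base, sep, query = url.partition("?")
    if not sep:
        return [f"{name} is not set (URL has no options part)" for name in REQUIRED]
    opts = parse_qs(query, keep_blank_values=True)
    findings = []
    for name in REQUIRED:
        values = opts.get(name)
        if values is None:
            findings.append(f"{name} is not set")
        elif len({v.lower() for v in values}) > 1:
            # Do not guess which occurrence the driver honours; report it.
            findings.append(f"{name} is set more than once with conflicting values")
        elif values[0].lower() != "true":
            findings.append(f"{name} is {values[0]!r}, expected 'true'")
    return findings

# Constructed sample URLs (host, port and database name are placeholders).
SAMPLES = [
    "jdbc:mysql://db.example.com:3306/vibedb?useUnicode=true&characterEncoding=UTF-8",
    "jdbc:mysql://db.example.com:3306/vibedb?useSSL=true&amp;requireSSL=true",
    "jdbc:mysql://db.example.com:3306/vibedb?useSSL=true&requireSSL=false",
    "jdbc:mysql://db.example.com:3306/vibedb?useSSL=true&requireSSL=true&useSSL=false",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = audit_mysql_jdbc_url(sample)
        print("OK  " if not result else "WARN", sample, result)
```

An empty result only confirms that the URL requests SSL; the server-side and certificate setup still has to follow the database vendor's instructions.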