Security

Database security refers to the collective measures used to protect and secure a database from illegitimate use and malicious threats and attacks. It covers and enforces security in several aspects:

• Enabling Security
• User Management
• Access Control
• Encryption
• Security Auditing

You can configure GraphDB security settings and user profiles and rights from the Workbench under Setup ‣ Users and Access.

For access control, GraphDB implements Spring Security. When an HTTP request is received, Spring Security intercepts it, verifies the permissions, and either grants or denies access to the requested database resource or API.

GraphDB supports three types of user databases used for authentication and authorization: Local, LDAP, and OAuth. Each of them contains and manages the user information. GraphDB supports four authentication methods: Basic, GDB, OpenID and Kerberos. Each authentication method is responsible for a specific type of credentials or tokens.

GraphDB supports encryption in transit with SSL/TLS certificates for encrypting the network traffic between the clients and GraphDB, and between the different GraphDB nodes (when in a cluster).

GraphDB’s detailed security audit trail provides actions accountability, and is hierarchically structured in audit roles. The level of detail of the audit depends on the role that is configured.