
Overview of Bold Reports Security

Security is an important aspect of all software. This document explains the key security features that Bold Reports Software provides to its customers, such as authentication, authorization, data security, and network security.

Authentication

Authentication verifies a user’s identity. Anyone who wants to access and manage resources such as reports, data sources, and datasets must be a user of the Bold Reports server. The Bold Reports server can be configured to use either local or external authentication to validate the identity of its users.

Local authentication

In local authentication, the Bold Reports server validates user authentication by comparing the provided credentials with the details stored in the Bold Reports database.

External authentication

Bold Reports server can be configured to use external authentication providers such as LDAP, Azure ADFS, OpenID Connect, and OAuth.

  • LDAP

Bold Reports server can be configured to use LDAP for user authentication. Users submit their credentials to the Bold Reports server, which then attempts to bind to the LDAP instance with those credentials. If the bind succeeds, the credentials are valid and the server grants the user a session.

  • Azure ADFS

The Bold Reports server can be configured to use Azure Active Directory for importing users and validating their authentication. Users provide their credentials to Microsoft; once Microsoft has validated and authenticated them, they are logged in to the Bold Reports server.

  • OpenID Connect

OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol. It allows clients to log in to the Bold Reports application after they have logged in to their identity provider. To use OpenID Connect with the Bold Reports server, configure OpenID Connect in the Bold Reports application.

  • OAuth connect

Bold Reports supports the OAuth 2.0 authorization code flow for authorizing third-party application users who log in to the Bold Reports application. It allows clients to log in to the Bold Reports application after logging in to their identity provider. To use OAuth with the Bold Reports server, configure OAuth 2.0 in the Bold Reports application.

Authorization

Authorization determines which resources, such as reports, data sources, or datasets, a user can access on the Bold Reports server once the user has been authenticated.

Authorization includes:

  • Which users are allowed to create new reports or manage existing reports.
  • Which users are allowed to create new data sources or manage existing data sources.
  • Which users are allowed to create new datasets or manage existing datasets.
  • Which users are allowed to create new schedules or manage existing schedules.
  • Which users are allowed to perform administrative tasks on Bold Reports, such as creating sites, adding users, and configuring server settings.

Data security

Bold Reports provides support to control which users can see the reports, data sources, and datasets. For data sources connected to live databases, you can also control user access based on their permissions. There are read, write, create, and delete permissions that can be assigned to users and groups. Without the read permission, no user can see your data sources, datasets, or reports.

Within the site

Bold Reports server provides a flexible permission system. Using it, you can control access to reports, data sources, and datasets.

Between the sites

Every site user can only log in to their own site and access its resources. Each site is deployed with its own database and resources, ensuring that one site’s data is not shared with other sites. Additionally, users belonging to one site can only see users belonging to the same site and share reports with those users. Users must have permissions to view and access reports and resources created by another user within the same site.
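The following Go program is an added illustration, not Bold Reports code, of the access rules the two sections above describe: permissions are granted to users or groups, read is required before any other permission counts, and a resource in another site is never visible. The sites (sales, hr), users, groups and resource names are constructed sample data.

```go
package main

import (
	"fmt"
	"slices"
)

// Permission is one of the four rights the text describes.
type Permission string

const Read, Write, Create, Delete Permission = "read", "write", "create", "delete"

// User belongs to exactly one site and to any number of groups.
type User struct {
	Name, Site string
	Groups     []string
}

type Resource struct{ Name, Site string }

// grant gives a principal (user or group name) one permission on a target: a resource name, or a resource kind such as "report" for Create.
type grant struct {
	principal, target string
	permission        Permission
}

// Store is an in-memory permission store; anything not granted is denied.
type Store struct {
	resources map[string]Resource
	grants    []grant
}

func NewStore() *Store                  { return &Store{resources: map[string]Resource{}} }
func (s *Store) AddResource(r Resource) { s.resources[r.Name] = r }
func (s *Store) Grant(pr, target string, p Permission) {
	s.grants = append(s.grants, grant{pr, target, p})
}

// has reports whether the user holds p on target directly or through a group.
func (s *Store) has(u User, target string, p Permission) bool {
	for _, g := range s.grants {
		if g.target == target && g.permission == p && (g.principal == u.Name || slices.Contains(u.Groups, g.principal)) {
			return true
		}
	}
	return false
}

// Allowed decides a request on an existing resource: the resource must be in
// the user's site, read must be granted for any access at all, and write or
// delete additionally need their own grant.
func (s *Store) Allowed(u User, resource string, p Permission) bool {
	r, ok := s.resources[resource]
	if !ok || r.Site != u.Site || !s.has(u, resource, Read) {
		return false
	}
	return p == Read || s.has(u, resource, p)
}

// CanCreate reports whether the user may create resources of the given kind.
func (s *Store) CanCreate(u User, kind string) bool { return s.has(u, kind, Create) }

// Visible lists what the user can see: same site and read granted.
func (s *Store) Visible(u User) []string {
	var out []string
	for name := range s.resources {
		if s.Allowed(u, name, Read) {
			out = append(out, name)
		}
	}
	slices.Sort(out)
	return out
}

// Constructed sample principals in two sites; "analysts" is a group.
var (
	Alice = User{Name: "alice", Site: "sales", Groups: []string{"analysts"}}
	Bob   = User{Name: "bob", Site: "sales"}
	Carol = User{Name: "carol", Site: "hr"}
)

// DemoStore builds the constructed sample, including a write grant with no read behind it.
func DemoStore() *Store {
	s := NewStore()
	s.AddResource(Resource{Name: "Quarterly Revenue", Site: "sales"})
	s.AddResource(Resource{Name: "CRM", Site: "sales"})
	s.AddResource(Resource{Name: "Payroll", Site: "hr"})
	s.Grant("analysts", "Quarterly Revenue", Read)
	s.Grant("alice", "Quarterly Revenue", Write)
	s.Grant("bob", "CRM", Write) // write without read: bob still cannot see CRM
	s.Grant("carol", "Payroll", Read)
	s.Grant("analysts", "report", Create)
	return s
}

func main() {
	s := DemoStore()
	fmt.Println("visible:", s.Visible(Alice), s.Visible(Bob), s.Visible(Carol))
	fmt.Println("bob may write CRM:", s.Allowed(Bob, "CRM", Write))
}
```

Running it shows alice seeing only Quarterly Revenue, bob seeing nothing despite his write grant, and carol seeing only the hr site's Payroll report. The deny-by-default shape of Allowed is the point: the site check and the read check both have to pass before the requested permission is even consulted.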

Application security

Every Bold Reports product installation generates unique private keys on the customer’s machine. These keys are used to encrypt sensitive data such as passwords and database details before it is stored. Bold Reports server uses the following encryption methods to secure information such as user passwords and database details:

  • Rijndael Encryption (256 bits)
  • RSA Cryptography (1024 bits)
  • AES Cryptography (128 bits)
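As an added illustration of the approach described above, and not Bold Reports’ own implementation (whose algorithms and key sizes are the ones listed), the Go program below generates a random key once per installation and uses it to encrypt a database connection string with AES-256-GCM before it is stored, binding each ciphertext to the name of the setting it belongs to. The key size, the label scheme and the sample connection string are this example’s assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// NewInstallKey generates the random 256-bit key an installation would create
// once and keep outside the database (for example a file readable only by the
// service account, or an OS key store).
func NewInstallKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// Seal encrypts a secret with AES-256-GCM under the installation key and binds
// it to a label (here the setting name) as additional authenticated data, so a
// ciphertext copied from one setting to another fails to decrypt.
// The stored form is base64(nonce || ciphertext || tag).
func Seal(key []byte, label, secret string) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per value
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, []byte(secret), []byte(label))
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// Open reverses Seal. A wrong key, a different label, or any change to the
// stored value makes the GCM tag check fail, so nothing partial is returned.
func Open(key []byte, label, stored string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(stored)
	if err != nil {
		return "", err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	if len(raw) < gcm.NonceSize() {
		return "", errors.New("stored value too short")
	}
	nonce, ct := raw[:gcm.NonceSize()], raw[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, []byte(label))
	if err != nil {
		return "", errors.New("decryption failed: wrong key, wrong label, or tampered value")
	}
	return string(pt), nil
}

func main() {
	key, err := NewInstallKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample: a connection string that must never be stored in clear.
	const label = "datasource:crm:connection"
	stored, err := Seal(key, label, "Server=db01;User Id=reports;Password=placeholder")
	if err != nil {
		panic(err)
	}
	fmt.Println("stored:", stored)
	plain, err := Open(key, label, stored)
	fmt.Println("recovered:", plain, err)
	_, err = Open(key, "datasource:other:connection", stored)
	fmt.Println("moved to another setting:", err)
}
```

Because the key never leaves the installation, a copy of the database alone does not expose the encrypted values, which is the property the per-installation keys above are meant to provide.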

Network security

The Bold Reports server provides the following network security features.

Client to Bold Reports server

By default, the Bold Reports server is configured to use HTTP. We recommend switching to HTTPS by configuring SSL in the Bold Reports server for all communications. When Bold Reports is configured for SSL, all content and communication between clients and the server is encrypted, and requests and responses use HTTPS.

Resource access REST API

Bold Reports server makes internal API calls to access resources in its web and mobile apps. The Bold Reports server accepts all connections that use Transport Layer Security (TLS 1.2/1.3) encryption, but we recommend making TLS 1.2 mandatory on servers where Bold Reports is installed.

Bold Reports server to database

Bold Reports server can connect to its database without SSL, but every database connection that supports SSL offers encrypted data transfer. We recommend enabling SSL for the database connection when configuring the Bold Reports server.

Application logging

Bold Reports server generates log files when a user interacts with the Bold Reports application or when an exception occurs. These include:

  1. Debug log
  2. Error log

These logs contain only the events performed, the errors that occurred, and other operational information; they never collect confidential information such as user passwords and database details. Our support team may request these logs to investigate customer-reported issues and provide solutions.

Open source component usage

Bold Reports Software includes various open source components, which are licensed under the terms of applicable open source license agreements. Our legal team verifies and approves the use of such components in Bold Reports software, and these usages are revisited and reviewed before every release.

Protecting Data in Bold Reports with Least Privilege Access

What is Least Privilege Access (LPA)?

Least Privilege Access (LPA) is a security principle that grants users, applications, or systems only the minimum permissions necessary to perform their tasks. This approach reduces the risk of unauthorized access, data breaches, and other security incidents by limiting potential damage from compromised accounts or systems.

How Does Bold Reports Use LPA?

Bold Reports adheres to the LPA principle to prioritize data security. The platform requests only the permissions essential for report generation, ensuring access is restricted to read-only operations wherever possible. This minimizes risks of unauthorized access, accidental data modification, or breaches, aligning with industry best practices for data security and compliance.

Key aspects of the Bold Reports LPA model include:

  • Restricted Permissions: access is confined to read-only operations to prevent unintentional or unauthorized changes to customer data.
  • Access Control: data access is limited to the specific sources and fields that the reports require, reducing exposure of sensitive information.
  • Compliance with Security Standards: the model aligns with established security frameworks and regulations, demonstrating a commitment to data privacy and protection.

By following the LPA principle, Bold Reports provides a secure reporting environment, ensuring customers can confidently use its capabilities without compromising data integrity.