Security is an important aspect of all every software. This document explains the key security features such as authentication, authorization, data security, network security, and more that are provided by Bold Reports Software to its customers.
Authentication verifies a user’s identity. Anyone who wants to access and manage resources such as reports, data source and datasets must be a user of the Bold Reports server. The Bold Reports server can be configured to use either local or external authentication to validate the authenticity of its users.
In local authentication, the Bold Reports server validates user authentication by comparing the provided credentials with the details stored in the Bold Reports database.
Bold Reports server can be configured with external authentications such as LDAP, Azure ADFS, OpenID, and OAuth.
Bold Reports server can be configured to use LDAP for user authentication. Users are authenticated by submitting their credentials to Bold Reports server, which will then attempt to bind to the LDAP instance using the user credentials. If the bind works and the credentials are valid, the server grants the user a session.
The Bold Reports server can be configured to use Azure Active Directory for importing users and validating their authentication. Users will be logged into the Bold Reports server after being validated and authenticated by Microsoft upon providing their credentials.
OpenID connect is a simple identity layer on top of the OAuth 2.0 protocol. It allows client to log in to the Bold Reports application after they have logged into their identity provider. You should configure OpenID connect with the Bold Reports application to use OpenID connect with the Bold Reports server.
Bold Reports supports the OAuth 2.0 authorization code workflow for authorizing third-party application users logging into the Bold Reports application. It allows clients to log in to the Bold Reports application after logging in to their identity provider. You should configure OAuth 2.0 in the Bold Reports application to use OAuth connect with the Bold Reports server.
Authorization refers to which resources, such as reports, data sources or datasets, users can access on the Bold Reports server after authentication has been verified.
Authorization includes:
Bold Reports provides support to control which users can see the reports, data sources, and datasets. For data sources connected to live databases, you can also control user access based on their permissions. There are read, write, create, and delete permissions that can be assigned to users and groups. Without the read permission, no user can see your data sources, datasets, or reports.
Bold Reports server provides a flexible permission system. Using this, you can control access to report, data sources and datasets.
Every tenant user can only log in to their tenant and access its resources. Each tenant is deployed with its own database and resources, ensuring that one tenant’s data is not shared with other tenants. Additionally, users belonging to one tenant can only see users belonging to the same tenant and share reports with those tenant users. Users must have permissions to view and access reports and resources created by another user within the same tenant.
Every Bold Reports product installation will generate unique private keys on the customer’s machine. These private keys will be used to encrypt and store the sensitive data such as passwords and database details. Bold Reports server uses the following encryption methods to secure information such as user password and database details:
Rijndael Encryption (256 bits)RSA Cryptography (1024 bits)AES Cryptography (128 bits)The Bold Reports server provides the following network security features.
By default, the Bold Reports server is configured with the HTTP protocol. We recommend changing the protocol to HTTPS by configuring SSL in the Bold Reports server for all communications. When Bold Reports is configured for SSL, all content and communications between clients are encrypted using SSL, and the HTTPS protocol is used for requests and responses.
Bold Reports server makes internal API calls to access resource in web and mobile apps. The Bold Reports server will accept all the connections that use Transport Layer Security (TLS 1.2/1.3) encryption, but we recommend mandatory use of TLS 1.2 in servers where Bold Reports is installed.
Bold Reports server can be connected to the database without SSL, but all the database connections that support SSL offer encrypted data transfer. We recommend enabling the SSL connection to your database when configuring the Bold Reports server.
Bold Reports server will generate log files when a user interacts with the Bold Reports application or when an exception occurs. These include:
These logs will only include performed events, occurred errors, and other operational logs, and will never collect any confidential information such as user passwords and database details. Our support team may request these logs to investigate customer-reported issues and provide solutions.
Bold Reports Software includes various open source components, which are licensed under the terms of applicable open source license agreements. Our legal team verifies and approves the use of such components in Bold Reports software, and these usages are revisited and reviewed before every release.