Category: Security

How to Create a Custom Token Store for Spring-Security-Oauth2 | OAuth Part 2

How to Create a Custom Token Store for Spring-Security-Oauth2 | OAuth Part 2

In the previous blog post, we discussed how to configure a simple OAuth2 authentication. However, our implementation has a major flaw in it: we are using an in-memory token store. In-Memory token stores should be used only during development or...

How to Configure OAuth2 Authentication With Spring-Security-Oauth2

How to Configure OAuth2 Authentication With Spring-Security-Oauth2

As you might have noticed in my previous blog posts, I am a big fan of Spring + Java and Spring + Kotlin. Consequently, whenever I need to implement an OAuth 2.0 authentication, spring-security-oauth2 lib is a natural choice. However,...

Couchbase Server 5.5 Released

Couchbase Server 5.5 Released

Announcing Couchbase Server 5.5 Couchbase Server 5.5 production release is now available! We are very excited to share more information about this substantial extension of the Couchbase Data Platform. This release introduces several new Enterprise Grade features relating to agility,...

July 23, 2018

JWT Authentication with GraphQL, Node.js & Couchbase NoSQL

A few months ago when I had first started learning about GraphQL, I had written a previous tutorial for using it with Couchbase and Node.js. The tutorial focused on the basics which included creating GraphQL objects and querying those objects...

Couchbase Server 5.5 Beta – now available!

Couchbase Server 5.5 Beta – now available!

Announcing Couchbase Server 5.5 Beta This release is an extension of the Couchbase Data Platform but also introduces several new Enterprise Grade features – agility, performance, and manageability – all based on critical feedback from our customers. Included are many...

April 16, 2018

Authentication With X.509 Certificates

Data security is an important aspect of every modern data platform. With micro-service based architectures becoming more of a common pattern across every high-scale app, existing password based authentication mechanisms for user authentication is hard to manage at scale, let...

April 4, 2018

Couchbase Server 5.5: Log Redaction

With security already a hot topic in the data space, the Couchbase Server 5.5 release introduces a new feature – “Log Redaction”. Logs are an important part of every platform.  Logs are used for multiple purposes ranging from security, to monitoring,...

March 13, 2018
Announcing Couchbase Server 5.5 – Developer Build

Announcing Couchbase Server 5.5 – Developer Build

Announcing Couchbase Server 5.5 Developer Build It is my pleasure to share this early preview of Couchbase Server 5.5 features – there are some very exciting improvements coming and this Developer Build (DB) highlights several of them. There are many...

March 8, 2018

GDPR: Businesses must focus on digital transformation, not just tick-box compliance

The General Data Protection Regulation (GDPR) is now a matter of months away.  Vendors of all shapes and sizes are ramping up their GDPR scare stories (e.g. the potential fines) to trigger a response from businesses. Couchbase is taking a...

February 6, 2018

Speculative Execution Processor Vulnerabilities – Performance Impact Analysis

Last week, we published a blog with recommendation on securing Couchbase data platform in response to industry-wide security vulnerabilities. We continued to analyze the potential performance impact caused by the patched OS binaries and this blog post captures the detailed evaluation. As...

Speculative Execution Vulnerabilities – Meltdown & Spectre

On Jan 3, 2018, Google’s Project Zero team along with several other university researchers identified several security issues with speculative execution, an optimization technique used in microprocessors to improve performance. Couchbase is aware of the recently disclosed class of processor/OS...

Certificate Pinning in Android with Couchbase Mobile

Certificate Pinning in Android with Couchbase Mobile

Couchbase Mobile 2.0 supports certificate pinning on all Couchbase mobile platforms. Certificate pinning is a technique used by applications to “pin” a host to it’s certificate/public key. Communication between Couchbase Lite and Sync Gateway is encryped and secured using SSL/TLS....