SlashDB version 1.4.0 is now generally available.
In this release we are putting emphasis on the needs of our enterprise clients. We are introducing single sign-on feature compatible with Microsoft Azure AD, Okta, PingIdentity, Google Cloud Identity and more. At the same time we harden our security measures by addressing findings from a penetration testing performed by a third party. Last but not the least, SlashDB now has full automation for turning database views into APIs.
Single Sign-On with OAuth 2 / OpenID Connect
SlashDB Enterprise Edition now allows for seamless integration with identity providers, which support the OpenID Connect / OAuth 2 protocol. This feature helps strengthen security of your APIs. Application developers utilizing SlashDB can now leverage user sign up, password policy, multi-factor authentication and other user management capabilities of systems dedicated to those functions (IAM, IdP).
SlashDB supports connecting to multiple identity providers, which is particularly useful for situations where your end clients require conformance to their own security policies. For example if one of your API’s clients uses Microsoft Azure AD, but another users Okta or Ping, both will be able to authenticate into your SlashDB instance using their respective identity providers. This works for GUI sessions and programmatic APIs alike.
For more information on this feature please see documentation at https://docs.slashdb.com/user-guide/security.html#sso–openid-connect
Automated API for database views and tables without primary keys
This enhancement is particularly beneficial for analytical applications where data is stored in Data Warehouse often in a denormalized schema or where database contains large number of views.
SlashDB Data Discovery API is a unique feature, which exposes database tables as API endpoints without a need for writing code or queries, or even mapping of table fields. Up until now this only worked for tables with properly defined primary keys. From now on all tables as well as database views will be included. Of course, just as before, you can control which database objects become included in the API by connecting with that database using database login authorized to access only those objects.
Adding a new database: https://docs.slashdb.com/user-guide/config-databases.html#adding-a-new-database
New Licensing Options
Licensing per virtual CPU is now an option for clients where this method aligns better with their ROI than the per connected database pricing.
More security updates
We take security seriously and try to stay on top of known vulnerabilities. In addition to that we periodically order penetration tests from reputable specialist vendors. Although we have no knowledge of any successful exploits, this release contains 13 security improvements including:
- Sudo Heap-based Buffer Overflow Vulnerability Baron Samedi
- Enforced password policy for built-in authentication (in addition to the SSO)
- Cryptographically secure function to generate the API key and enforcement of API key policy
- Prevention mechanisms agaisnt username enumeration
- Avoiding storing potentially sensitive information in the browser cache
We strive to make SlashDB easy to install in variety of environments including “bare metal” Linux machines, pre-built VMWare and VirtualBox images, Docker, Vagrant and “one-click” offers in AWS and Azure marketplaces. Improved in this release are:
- Updates from prior version using .rpm and .deb packages
- Standardized on .rpm-based distro (CentOS, Amazon Linux 2) for all virtual machine images
- Special .rpm package inclusive of Python dependencies for “air locked” enterprise environments
For more information about all installation options that SlashDB offers please see User Guide at https://docs.slashdb.com/user-guide/getting-slashdb.html
12 fixes and feature improvements including:
- New login page, which supports 3 different ways of authentication
- Login page can be customized with your organization’s styling or even your end client’s logo (Enterprise Edition)
- Fixes to various search widgets
- Streamlined database connection by hiding fields not relevant for given database type
Code refactoring and performance improvements
Of note are:
- avoid data read for update where possible (performance)
- removed certain undocumented endpoints
- better error messages when broken JSON is received