Secure data¶
Data security involves the protection of your organization’s data, any data that you host for customers, and any input entered by users during interactions with the product.
Secure data in motion¶
Securing data in motion refers to the protection of data as it travels over a network or between locations.
Licensing service¶
In the JRebel environment, a licensing service called Rebel Licenses provides users with access to JRebel and XRebel licenses. Communications to and from the Rebel Licenses service are data in motion that must be protected. Rebel Licenses consists of the following components:
Customer portal at https://licenses.zeroturnaround.com/
License lease management portal for JRebel and XRebel
In the customer portal, you assign licenses to users. In the license lease management portal, Perforce helps you troubleshoot issues. Both of the portals are hosted on Amazon Web Services, and communications are secured by SSL/TLS encryption.
You can also use Rebel Licenses On-Premise, which provides a local hub for controlling and monitoring licenses across your organization. For instructions about configuring Rebel Licenses On-Premise, see:
Server configuration – Rebel Licenses On-Premise manual: Simple HTTPS
Server configuration – Rebel Licenses On-Premise manual: Front-end HTTP(S) proxy
Rebel Licenses On-Premise is deprecated and expected to reach End of Life (EOL) in 2026. To help prevent interruptions of operations, use the Rebel Licenses service, which is hosted in the cloud.
Remote server support¶
In a remote environment, JRebel is deployed on a server in the cloud. The data in motion is not protected by default. To protect the data, set up password-based authentication as described in Server-side password configuration. To help secure communications, configure the application server to use the HTTPS protocol.
Secure user input¶
Securing user input involves masking or hiding the content of input fields in a user interface to prevent unauthorized individuals from viewing sensitive information. Also known as UI field obfuscation, this method is commonly applied to fields that contain confidential data, such as passwords or credit card numbers.
With JRebel, passwords entered by users are obfuscated to prevent unauthorized viewing. Front-end validation is applied to ensure that data entered by users meets requirements. User input is secured on a password-protected PostgreSQL database.