This repository was archived by the owner on Oct 5, 2020. It is now read-only.

Run In Production

Bruce Holt edited this page Jan 25, 2017 · 3 revisions

Production Deployment

| Feature | Added By | Action Required |
| --- | --- | --- |
| Avoid storing credentials in sessions | Vanguard | None |
| Use Digest Authentication | Vanguard | None |
| Deploy Remotely | Vanguard | Yes |
| Avoid storing passwords with source code | Vanguard | Yes |
| Better fault tolerance in front end | Vanguard | None |
| Whitelist endpoints | Vanguard | Yes |

Avoid storing credentials in sessions

This is accomplished by using Digest authentication and storing the token in a session.

Use Digest authentication

Basic authentication allowed usernames and passwords to be passed from the middle tier to the server in clear text. Digest authentication allows us to use a token instead.

Deploy Remotely

To create your production configuration files, use the following command:

# gulp init-prod

Then modify deploy/production.properties to contain the connection information required to deploy to the production server.

Avoid storing passwords with source code

Credentials in general can be stored in /etc and loaded into environment variables to be used by the middle tier. The following is a list of variables available:

  • APP_NAME The name of the application
  • APP_PORT The port used by the middle tier to listen for requests
  • ML_HOST The hostname or IP address of the MarkLogic Server
  • ML_PORT The port of the MarkLogic App Server hosting the RAPI
  • ML_APP_USER The MarkLogic username for guest access
  • ML_APP_PASS The MarkLogic password for guest access
  • ML_GUEST_ACCESS Boolean to allow guest access
  • DISALLOW_UPDATES Boolean to prevent updates (POST and PUT)
  • APP_USERS_ONLY Boolean requiring users to authenticate

Better fault tolerance in front end

This is implemented by using the ng-idle library to detect connection problems.

Whitelist endpoints

Running ad hoc queries against the RAPI may enable a user to access more information than intended. Creating custom endpoints in the middle tier that allow the query to be scrubbed and validated before being proxied to the RAPI can reduce this threat.
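One way to structure such a custom endpoint, as an added example that is not code from this project: the middle tier decides per request whether to proxy, and builds the RAPI call itself from validated values. The route `/api/search`, the options name `all`, the page size and the length limits are assumptions; `DISALLOW_UPDATES` is the variable listed above.

```javascript
// Added example: allowlisted middle-tier endpoints in front of the RAPI.
// Route name, options name "all" and the limits below are assumptions.
const ALLOWED = new Map([
  // Each entry maps one custom endpoint to one fixed RAPI call.
  ['GET /api/search', (params) => {
    const q = params.get('q') || '';
    const page = Number(params.get('page') || '1');
    // Scrub: letters, digits and spaces only, so constraint prefixes
    // (name:value), grouping and quoting never reach the server.
    if (q.length > 100 || !/^[\p{L}\p{N} ]*$/u.test(q)) return null;
    if (!Number.isInteger(page) || page < 1 || page > 100) return null;
    // The upstream query is rebuilt from validated values; nothing the
    // client sent is forwarded verbatim, and unknown parameters are dropped.
    const out = new URLSearchParams({
      q,
      options: 'all',
      format: 'json',
      start: String((page - 1) * 10 + 1),
      pageLength: '10',
    });
    return { method: 'GET', path: '/v1/search?' + out };
  }],
]);

function isTrue(value) {
  return String(value).toLowerCase() === 'true';
}

// Decide whether a client request may be proxied, and as which RAPI call.
// Typical call site: authorize(req.method, req.url, process.env)
function authorize(method, url, env) {
  const verb = method.toUpperCase();
  if (isTrue(env.DISALLOW_UPDATES) && (verb === 'POST' || verb === 'PUT')) {
    return { status: 403, reason: 'updates disabled' };
  }
  const i = url.indexOf('?');
  const path = i < 0 ? url : url.slice(0, i);
  const query = i < 0 ? '' : url.slice(i + 1);
  const build = ALLOWED.get(`${verb} ${path}`);
  // Anything not on the allowlist, including raw /v1/... paths, is refused.
  if (!build) return { status: 404, reason: 'endpoint not allowlisted' };
  const upstream = build(new URLSearchParams(query));
  if (!upstream) return { status: 400, reason: 'invalid parameters' };
  return { status: 200, upstream };
}
```

Only the returned `upstream` value is sent to the MarkLogic App Server; every other response is generated by the middle tier without contacting it.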
