1. API reference
  2. Welcome
    1. Component overview
    2. Quick start
    3. System requirements
    4. Troubleshooting
    5. Managing license keys
  3. Connecting to Data Source
    1. JSON
      1. Connecting to JSON
      2. Connecting to JSON using the Data Compressor
      3. Data types in JSON
    2. CSV
      1. Connecting to CSV
      2. Connecting to CSV using the Data Compressor
      3. Data types in CSV
    3. Database
      1. Connecting to SQL databases
      2. Connecting to other databases
      3. Connecting to a database with Node.js
      4. Connecting to a database with .NET
      5. Connecting to a database with .NET Core
      6. Connecting to a database with Java
      7. Connecting to a database with PHP
    4. Microsoft Analysis Services
      1. Connecting to Microsoft Analysis Services
      2. Getting started with the Accelerator
      3. Installing the Accelerator as a Windows Service
      4. Referring the Accelerator as a DLL
      5. Configuring the authentication process
      6. Configuring a secure HTTPS connection
      7. Troubleshooting
    5. Pentaho Mondrian
      1. Connecting to Pentaho Mondrian
      2. Getting started with Accelerator
      3. Configuring Mondrian roles
      4. Сonfiguring username/password protection
      5. Сonfiguring secure HTTPS connection
      6. Troubleshooting
    6. icCube
  4. Security
    1. Accelerator security
    2. Data Compressor Security
  5. Configuring report
    1. What is a report
    2. Data source
    3. Slice
    4. Options
    5. Number formatting
    6. Conditional formatting
    7. Set report to the component
    8. Get report from the component
    9. Date and time formatting
    10. Configuring global options
    11. Export and print
    12. Calculated values
    13. Custom sorting
  6. Integration with frameworks
    1. Available tutorials
    2. Integration with AngularJS (v1.x)
    3. Integration with Angular
    4. Integration with React
    5. Integration with Webpack
    6. Integration with ASP.NET
    7. Integration with jQuery
    8. Integration with JSP
    9. Integration with TypeScript
    10. Integration with RequireJS
    11. Integration with PhoneGap
  7. Integration with charts
    1. Integration with Highcharts
    2. Integration with Google Charts
    3. Integration with FusionCharts
    4. Integration with any charting library
  8. Customizing
    1. Customizing toolbar
    2. Customizing appearance
    3. Customizing context menu
    4. Localizing component
  9. Updating to the latest version
    1. Updating to the latest version
    2. Release notes
    3. Migration guide from 2.5 to 2.6
    4. Migration guide from 2.4 to 2.5
    5. Migration guide from 2.3 to 2.4
    6. Migration guide from 2.2 to 2.3
    7. Documentation for older versions
Table of contents

Data Compressor Security

Data security is an important question both for Flexmonster and for our customers. This tutorial clarifies how security is handled when connecting to the databases. Follow the sections:

  1. Data transferring process
  2. CORS and why it needs to be enabled
  3. Why direct connection to the database is not supported
  4. Data access management

1. Data transferring process

The first aspect of data security is how the data from the database can be transferred to Flexmonster Pivot. Your back-end application communicates with the database which allows restricting access to the database from outside completely. Flexmonster Data Compressor is embedded into this back-end application and is capable of compressing the data. The compressed response may be available by some URL or saved to the file. In both cases, Flexmonster Pivot requests the data from the back-end application instead of a direct database connection. The flowchart below describes the process:

DataCompressor

2. CORS and why it needs to be enabled

Due to the same-origin policy, the browser allows only the requests from the same origin. Сross-origin resource sharing (CORS) specification is used for allowing web applications to make cross-domain requests. CORS enabling is not imposed by Flexmonster but rather a browser requirement. Visit enable-cors.org to find out how to setup CORS on different types of servers.

3. Why direct connection to the database is not supported

Occasionally our customers are interested whether it is possible to connect to the database directly. This feature is not supported in Flexmonster due to security reasons. Connecting to the database requires login/password. Since Flexmonster is a fully client-side component, the direct connection to the database would require storing login/password in the browser and sending it in an insecure way. To avoid such vulnerability, the connection to the database is made on a server side and the data is compressed via Flexmonster Data Compressor. As an additional perk, the Data Compressor increases data loading speed.

4. Data access management

To protect the data it is recommended to restrict any external access to the database. In this case, the access to the database is available exclusively on the local server. This method increases security and protects against external threats:

  • password cracking
  • unauthorized access to the database
  • data theft

Our Data Compressor is included in your backend which provides a full control over data access management. It is possible to protect the data according to the business requirements. For example, define different user groups and grant access based on each group permissions. Depending on the role, the user can have access to certain tables or fields.