Profound Bolsters Security, Authentication in Node.js Dev Tools
October 11, 2023 Alex Woodie
IBM i developers working with Profound Logic’s Node.js Web application and API development tools will be greeted with new security and authentication features when they move up to version 7, which was unveiled last month.
The new features are found in version 7 releases of Profound Logic’s Profound.js, which enables developer to create Node.js-based applications that run on IBM i, as well as Profound API, a variant of its Node.js tool for writing API-based applications that run on IBM i and access its database.
One of the changes that will greet users with Profound.js 7.0 is support for user-defined encryption keys, which will replace the previous encryption keys that came with the software. This will give customers more flexibility and security, Profound Logic says.
“With the new user-defined keys, customers can now have full control over their encryption keys,” the company tells IT Jungle. “They can, for example, implement their own security measures to rotate keys. They can also have different security keys for different instances of Profound.js or Profound API, which is relevant for customers running both public customer-facing applications and internal applications. Since each instance is isolated with its own set of keys, compromising one will not affect the other.”
The company also bolstered security in Profound.js 7.0 by requiring unique security keys for PJSCALL and proxy program connections. Previously, the two channels used the same key on customer systems. Requiring separate and unique keys will allow one channel to remain secure if the keys for the other channel have been compromised.
Finally, the company is requiring a new license key when using Profound.js 7.0, which the company says this will further boost security for customers.
“It’s important that customers know that a new license key is required for this release before upgrading,” the company says. “It means a little more preparation work is needed compared to a normal upgrade. There is no inherent benefit to the customer just from the new license key itself, but it’s a requirement in this release due to how encryption keys are managed overall. We’ve added extra security to our encryption process, which covers both license keys, as well as the various other places were encryption is used within the products.”
Profound has also bolstered authentication in Profound.js 7.0 by adding support for OAuth2, which is the current industry standard for authenticating users remotely over the Web. The company says it’s experiencing high demand for OAuth2 support to help secure APIs.
OAuth2 will be supported as an authentication mechanism for APIs served with Profound API, thereby eliminating the need for additional trust mechanisms to be built between services and Profound APIs, the company says. That will result in time and resource savings, the company says.
The combination of OAuth and new encryption key support will go far in helping to secure its IBM i customers, Profound says. “This dual enhancement underscores Profound Logic’s unwavering commitment to providing secure, business-friendly modernization solutions for IBM i systems,” the company says in a press release.
For more information, see the company’s website at www.profoundlogic.com.
