DEV Community

Cover image for Acra. Features: Authentication
Cossack Labs
Cossack Labs

Posted on

Acra. Features: Authentication

The main Acra purpose is to provide confidentiality and integrity of protected data. As Acra works inside of large infrastructures, it provides additional ways to make sure that no one can access data unauthenticated.

Use Acra Community Edition for free. Check out Acra Enterprise Edition tailored for solutions with high security requirements.

5️⃣ Authentication

Whether Acra is deployed as AcraServer (transparent SQL proxy) or AcraTranslator (API service), it authenticates each application’s connection.

💡 Each trusted application has a unique clientID linked with application keys. If the app sends the wrong clientID, the data won’t be decrypted as keys don’t match.

For infrastructures that rely on the newest TLS (v1.2 and v1.3), Acra requires mutual authentication—certificate pinning for Acra, application and the database. mTLS makes MitM attacks more complicated.

Also, Acra provides a list of security controls to ensure that CA is trusted and that all certificates are valid.

Acra by Cossack Labs

For infrastructures that lack TLS or can’t rely on certificate pinning, Acra provides a separate daemon AcraConnector that enables a mutually authenticated secure connection between the app and Acra. It uses Themis Secure Session protocol under the hood, which is based on ECDH & AES.

🔥 Acra provides multi-layered defenses for sensitive data that your system operates on.

Top comments (0)