Running a Non-Modifiable Fusion Registry

An interesting question has been raised about how to run a Fusion Registry that is locked-down so no-one at all may make any modifications to it. This may be desired if you have a Registry that is exposed on the Internet to the entire world and you'd like to be sure that it is secure.

A simple way to do this is to run with the Registry requiring an authentication service but that authentication service is not running. The following steps illustrate how to do this:

  • Setup your Firewall / Web server / Proxy so that the Fusion Registry is not exposed to the outside world.
  • Start Fusion Registry and Fusion Security and ensure that they have been configured to communicate with each other.
  • Login to the Fusion Registry and load the structures into your Registry.
  • Terminate Fusion Security. Now it is impossible to log into the Fusion Registry.
  • Setup your Firewall / Web server / Proxy so that the Fusion Registry is exposed to the outside world.

Now no-one can modify your Registry since all actions that attempt to make a modification will fail authentication. If you need to make a change, simply restart Fusion Security, make the changes and then terminate Fusion Security again.