Is there any mechanism already implemented in IRIS to prevent XSS exploits ? 

This case happen when user input html/javascript content into fields and submit the page. If saved content is rendered as is, it's going to be executed by anyone visiting the page.

What I am looking for : 

• Built-in protection mechanisms that can be enabled globally (eg: per web application) or per CSP page. Something similar to a web application firewall.
• Functions to call manually that can detect such content in fields or sanitize them (remove unwanted content).

Hey Community,

It's time for the new batch of #KeyQuestions from the previous month.

If one of your packages on OEX receives a review you get notified by OEX only of YOUR own package.   
The rating reflects the experience of the reviewer with the status found at the time of review.   
It is kind of a snapshot and might have changed meanwhile.   
Reviews by other members of the community are marked by * in the last column.

I also placed a bunch of Pull Requests on GitHub when I found a problem I could fix.    
Some were accepted and merged, and some were just ignored.     
So if you made a major change and expect a changed review just let me know.

First time trying to use Foreign Tables/Servers instead of Linked Tables...

Within the SQL Editor inside of the Managment Portal, or connecting through DBeaver JDBC how we can see what Foreign Servers have been defined? Is there a way to query and verify structure of the Foreign Server connection to know that we are building the correct Foreign Tables?

I attempted to create my first Foreign table but it failed when I tried to query the tables because it said the table could not be found. But when I sign into the Database via SQL Management Studio, I can see the table.

Hi Community,

I have installed python from https://www.python.org/downloads/

and the installed path of this application is my local C:\Users\data\AppData\Local\Programs\Python

and i am trying to run C:\InterSystems\IRIS_SANDBOX\bin>irispip install  in command prompt and getting the below error 

'pip' is not recognized as an internal or external command,
operable program or batch file

is there anything else i am missing here please add

Experience & feedback from online course "Hands-On with InterSystems API Manager for Developers" 

With my basic knowledge of Docker container and REST API, I would like to have my first try on using InterSystems API manager to take control of APIs and microservices. I have completed this online course using my local IRIS instance as host (Windows OS) and IAM running on a Linux VM (guest). 

Firstly, I will introduce InterSystems API Manager (IAM), then explain the steps for setting up my local environment and lastly walk through the course chapters.

iris-docker-multi-stage-script

A python script to keep your docker iris images in shape ;)

Witout changing your dockerfile or your code you can reduce the size of your image by 50% or more !

TL;DR

Name the builder image builder and the final image final and add this to end of your Dockerfile:

Modify your Dockerfile to use a multi-stage build:

ARG IMAGE=intersystemsdc/irishealth-community:latest
FROM $IMAGE as builder

Add this to end of your Dockerfile:

FROM $IMAGE as final

ADD --chown=${ISC_PACKAGE_MGRUSER}:${ISC_PACKAGE_IRISGROUP} https://github.com/grongierisc/iris-docker-multi-stage-script/releases/latest/download/copy-data.py /irisdev/app/copy-data.py

RUN --mount=type=bind,source=/,target=/builder/root,from=builder \
    cp -f /builder/root/usr/irissys/iris.cpf /usr/irissys/iris.cpf && \
    python3 /irisdev/app/copy-data.py -c /usr/irissys/iris.cpf -d /builder/root/ 

Boom! You're done!

I have created an OAuth Client and have created the credentials etc successfully.

I have tested using the curl command and have received the token back from the Server using the terminal.

I now need to create an Operation to use my client credentials to connect to the Server and receive the token back.

What adapter would I use as I am unable to link my client credentials and secret  - currently  I am using the EnsLib.HTTP.OutboundAdapter
 but I am not sure if this is the correct.

- How to "translate" the various Docker Compose examples to HCL.

- How does IRIS 'behave' under Nomad?

- maybe even further: using Packer to build the container?

Last year we introduced our new angular-based View page for CCR as part of the UI refresh for the application.  This has been used very effectively by close to 1000 users around the world as the default UI for viewing CCR, and as a result we're getting ready to completely disable the "classic" View page.

Hi everyone

I hope this message finds you well. I am currently working with a database system that allows the configuration of certain options using the SET OPTION statement.

SET OPTION SUPPORT_DELIMITED_IDENTIFIERS = TRUE;

I understand that this setting takes effect at the system level, impacting all sessions and processes. However, I am looking for a way to enable support for delimited identifiers that only affects the current session, without altering the global configuration.

My question is:

Is there a way to set options like SUPPORT_DELIMITED_IDENTIFIERS specifically for a single session?

Hey Community!

We're excited to share the results of the InterSystems Walking Challenge and would like to thank all the members of the Developer Community who joined it and finished the challenge! And now, let's look at the leaderboard 🎊

Dear All,

I have been sent an HL7 message as a file with the MSH segment as follows....

MSH|^~\&|SendingApp|pms3medd|HealthLink|cribrumt|20241121050000|PKI|ORU^R01|01_ASCIItest_2|P|2.3.1||||||UNICODE

I try picking up the file with a "EnsLib.HL7.Service.FileService" business service using a  EnsLib.File.InboundAdapter adaptor.  The Character set is set to "Native" and the Default Char Encoding to latin 1.

I am seeing the following error:

ERROR <Ens>ErrGeneral: Incorrect Character Encoding/Translation Table used for file.(Native/RAW)
+
ERROR <Ens>ErrException: <TRANSLATE>ParseIOStream+71 ^EnsLib.

Hey Community,

Enjoy the new video on InterSystems Developers YouTube:

⏯ FHIR Object Model Classes in VS Code

Hi there,

I'm attempting to use the newest version of git-web-ui now that we've also updated to 2024.1.2. I'm having an issue though where I'm getting a 404 when launching the web gui from the Source Control menu in a production. If I look in the nginx logs I see the following:
2024/11/19 22:00:47 [error] 16#0: *237 open() "/opt/nginx/html/isc/studio/usertemplates/gitsourcecontrol/webuidriver.csp/CUSTRUSH/CUSTRUSHPKG.FoundationProduction.CLS" failed (2: No such file or directory), client: 172.18.0.1, server: localhost, request: "GET /isc/studio/usertemplates/gitsourcecontrol/webuidriver.

Hi Developers!

Welcome to the 17th edition of the InterSystems Ideas bulletin! This time, you can read about the following:

✓ Bringing Ideas to Reality Contest

✓ Recently posted "Community Opportunity" ideas

✓ Vote for implemented ideas you are curious about

I'm attempting to import all the FHIR XSD files provided by http://hl7.org/fhir but get the immediate and unhelpful error message:

I've tried different versions of EOLs to no avail. Any idea what this error could mean?

Here's the XSD I'm trying to import:

<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright (c) 2011+, HL7, Inc
 All rights reserved.

Hi Community!

Ceck out the new video dedicated to Gen AI on our InterSystems Developers YouTube:

⏯ Use cases in generative AI

Hi all,

I'm performing a migration of some services from one instance to another, and I noticed that the technique defined within the InterSystems Server Migration Guide does not include OAuth client configurations. The recommended technique is to use the ##class(Security.System).ExportAll() and ##class(Security.System).ImportAll() methods.

Is there a way to migrate OAuth client configurations, or do those have to be re-created manually?

Hi everyone

   when I use JDBC（Version:intersystems-jdbc-3.8.0.jar） to connect to the Iris（Version: 2021.1.2.338 xDBC Protocol Version 63），

    I’m trying to execute SQL statements that include double quotes, but unfortunately, they’re failing.

For example:

[this query]

         SELECT count(*) AS "_pfgnrtd_0" FROM "BILL_COM_PO"."PrintLog"

[Error ]

     Exception in thread "main" java.sql.SQLException: [SQLCODE: <-1>:<Invalid SQL statement>]
     [Location: <Prepare>]
     [%msg: < IDENTIFIER expected, : found^SELECT COUNT ( * ) AS :%qpar(1) FROM :%qpar>]
        at com.intersystems.jdbc.IRISConnection.

Hello My Friends,

I have a question how to use order by %DLIST, this is my code:

SELECT

$ListToString(%DLIST(DISTINCT MRDIA_ICDCode_DR->MRCID_Code),', ' ) ICDX,

$ListToString(%DLIST(DISTINCT (MRDIA_ICDCode_DR->MRCID_Desc || ' (' || MRDIA_DiagnosisType_DR->DTYP_Code || ')')),', ' ) Diagnose

FROM SQLUser.PA_Adm

LEFT JOIN SQLUser.PA_AdmInsurance ON (PAADM_RowID = INS_ParRef AND INS_Rank = 1)

LEFT JOIN SQLUser.PA_AdmPackage ON (PAADM_RowID = PACK_ParRef)

LEFT JOIN SQLUser.MR_Adm on MRADM_ADM_DR = PAADM_RowID

LEFT JOIN SQLUser.MR_Diagnos ON MRADM_RowId = MRDIA_MRADM_ParRef

LEFT JOIN SQLUser.

Welcome to the Q4’2024 quarterly platforms update.  I hope that your 2024 has been incredible and that 2025 is even better. 

If you’re new to these updates, welcome!  This update aims to share recent changes as well as our best current knowledge on upcoming changes, but predicting the future is tricky business and this shouldn’t be considered a committed roadmap. 

With that said, on to the update…

InterSystems IRIS Production Operating Systems and CPU Architectures

Red Hat Enterprise Linux

• Previous Updates
  
  • We’ve completed minor OS certification for RHEL 9.4 & 8.10 on IRIS 2024.

Hey Community,

We're pleased to invite you all to the upcoming kick-off Webinar for InterSystems "Bringing Ideas to Reality" Contest!

During the webinar, our speakers will explore the Community Opportunity Ideas from the InterSystems Ideas Portal, which are the topics of this programming contest. They will show how to develop, build, and deploy applications using the InterSystems IRIS data platform.

Date & Time: Monday, December 2 – 10:00 am EST | 4:00 pm CET  

Good morning
I need the odbc cache 2016 v2.5 driver for windows
Where can I find it?
Thank you
 

InterSystems FAQ rubric

It can be obtained with a List query of the %SYS.Namespace class.

1. Create a routine like this:

getnsp
   set statement=##class(%SQL.Statement).%New()
   set status=statement.%PrepareClassQuery("%SYS.Namespace","List")
   set resultset=statement.%Execute()
   while resultset.%Next() {
       write resultset.%Get("Nsp"),!
   }
   quit

2. Run it in your terminal

The method of executing class queries introduced in this article can be applied in a variety of cases.

You can see various class queries in the class reference.

I have issue with one of my queries. That query work fine for ages, but suddenly stop works and giving me SQLCODE 100 in the routine. 

&SQL(
	  SELECT * FROM (
		SELECT event FROM dhr_log_lasers.production WHERE createDateUTC >= DATEADD(dd, -5, CURRENT_DATE) AND kiosk = :%var("kioskID") GROUP BY machine
		HAVING ID = MAX(ID)
	  ) WHERE event != 2
	 )

If I copy this same query to the management portal and replace variable with real ID I will get back 6 or more rows.

I want to integrate IRIS with Keycloak OAuth2 provider to use delegated authentication everywhere and to secure everything - sys*/Portal applications, REST services, FHIR server and so on. If an unathenticated user tries to access any IRIS URL - he or she should be redirected to Keycloak. After the user has successfully authenticated, i would like to access his requistes (username, email, roles, scopes) extracted from the JWT token, programmatically. What should be done to achieve that?