Just as a quick caveat, I want to reiterate Nicholai's note on that post that the private web server should not be used for a production system; the private web server is primarily intended for out-of-the-box management portal access. If you need a full featured and https-secured web server to run your application, you should install a full web server.
Use SSL on an external web server such as Apache or IIS. Then disable the internal web server or at least restrict traffic to it. Note that many of the web services in HealthShare (if set up before deploying SSL) will be configured to use the internal (57772) web server. Those URLs in the Service Registry will need to be updated.
If I don't use Https and want to implement simple password transmission encryption and decryption (for example: Base64), as shown in the figure, CSP has completed the encryption operation. Would you like to ask where the decryption operation needs to be handled?
You have to use HTTPS, for such tasks, encryption passwords on the client-side not secure in any way. The only way to make it secure is by using SSL. Base64 is far from Security, anybody with such a string can get a real password. With SSL, it will be impossible to decrypt any traffic between client and server. So, even way, to catch anything about a password.
Hello,
I would say by using https protocol.
Thank you.Lorenzo Scalese . How is HTTPS implemented in healthshare? Is this the only way?
Change% csp.login Is class implementation feasible?
Hi @Botai Zhang
Take a look to this post : https://community.intersystems.com/post/running-management-portal-privat...
Just as a quick caveat, I want to reiterate Nicholai's note on that post that the private web server should not be used for a production system; the private web server is primarily intended for out-of-the-box management portal access. If you need a full featured and https-secured web server to run your application, you should install a full web server.
Use SSL on an external web server such as Apache or IIS. Then disable the internal web server or at least restrict traffic to it. Note that many of the web services in HealthShare (if set up before deploying SSL) will be configured to use the internal (57772) web server. Those URLs in the Service Registry will need to be updated.
Yes, I agree with @Vic Sun.
The built-in web server shouldn't be used in production.
If you're a docker user, perhaps [this](https://github.com/lscalese/isc-webgateway-letsencrypt) can help you.
So, using encryption with let's encrypt needs a fully qualified domain name, but Docker file file and setupWebGateway.sh
could help you.
If I don't use Https and want to implement simple password transmission encryption and decryption (for example: Base64), as shown in the figure, CSP has completed the encryption operation. Would you like to ask where the decryption operation needs to be handled?
You have to use HTTPS, for such tasks, encryption passwords on the client-side not secure in any way. The only way to make it secure is by using SSL. Base64 is far from Security, anybody with such a string can get a real password. With SSL, it will be impossible to decrypt any traffic between client and server. So, even way, to catch anything about a password.
Social networks
InterSystems resources
Log in or sign up
Log in or create a new account to continue
Log in or sign up
Log in or create a new account to continue
Log in or sign up
Log in or create a new account to continue