Hi contestants!

We've introduced a set of bonuses for the projects for the Interoperability Contest 2021!

Here are projects that scored it:

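| Project | Basic Auth | Bearer/JWT | OAuth | Authorization | Auditing | Encryption | Docker | ZPM | Online Demo | Code Quality | Article on DC | Video on YouTube | Total Bonus |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Nominal | 2 | 3 | 5 | 2 | 2 | 2 | 2 | 2 | 3 | 1 | 2 | 3 | 29 |
| appmsw-forbid-old-passwd |  |  |  |  |  |  | 2 | 2 |  |  | 2 |  | 6 |
| isc-apptools-lockdown |  |  |  | 2 |  |  | - | - |  |  | 2 |  | 4 |
| passwords-tool |  |  |  |  |  |  | 2 | 2 |  | 1 | 2 |  | 7 |
| API Security Mediator | 2 |  |  | 2 | 2 |  | 2 | 2 | 3 | 1 | 4 | 3 | 21 |
| Audit Mediator |  |  |  |  | 2 |  | 2 | 2 |  | 1 | 4 | 3 | 14 |
| iris-disguise |  |  |  |  |  |  | 2 | 2 |  | 1 | 4 | 3 | 12 |
| iris-saml-example |  |  | 5 | 2 |  |  | 2 | 2 | 3 | 1 | 2 |  | 17 |
| Server Manager 3.0 Preview | 2 |  |  |  |  |  |  |  |  |  | 4 |  | 6 |
| appmsw-dbdeploy |  |  |  |  |  |  | 2 | 2 |  |  | 2 |  | 6 |
| Data_APP_Security | 2 |  |  | 2 | 2 |  | 2 | 2 | 3 | 1 | 2 | 3 | 19 |
| IRIS Middlewares |  |  |  |  |  |  | 2 |  |  | 1 |  |  | 3 |
| TimeTracking-workers |  |  |  | 2 |  |  | 2 |  |  | 1 |  |  | 5 |
| zap-api-scan-sample |  |  |  |  |  |  | 2 |  |  | 1 |  |  | 3 |
| https-rest-api |  |  |  |  |  |  | 2 |  |  |  |  |  | 2 |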

Please apply with your comments here in the posts or in Discord.



In this article I will demonstrate the basics of OAuth2 authentication with a GitHub account with the help of the online demo
https://dappsecurity.demo.community.intersystems.com/csp/user/index.csp by using SuperUser | SYS

Recommendations:

We need the 3 steps below to achieve the desired result:

  • Step 1: Register Application with GitHub Authentication Server
  • Step 2: Configure OAuth 2.0 Client from InterSystems Management portal
  • Step 3: Call API to login with GitHub account


So let's start

Step 1: Register Application with GitHub Authentication Server

In order to register the application with the GitHub authentication server we need a GitHub account.
Log in to your GitHub account, navigate to https://github.com/settings/developers and, under the OAuth Apps tab, click the New OAuth App button.

 

Enter the Application name, Homepage URL, Description and Authorization callback URL.
Please note that the Authorization callback URL must refer to the OAuth2.Response.cls class ({domain}/csp/sys/oauth2/OAuth2.Response.cls).
Click Register Application.

This will open the detail page. Click Generate a new client secret and save the Client ID and Secret Key, which we will use while configuring the IRIS OAuth2 client.

Application is registered successfully

Article
Henrique Dias · 12 hours ago 6m read
Why? How? What's zap-api-scan-sample?

Hey community, how are you all doing?

What if you could check if your REST application is susceptible to some vulnerability? What if you could check if any known attacks affect your application?

With these issues in mind, we've brought our sample application using the ZAP testing tool. A way to quickly, conveniently provide tools for developers to validate security issues in an accessible manner practically.


Does anyone know of a relatively quick and straightforward way of converting code written in the old dot scoping syntax with argumentless do (see here for reference: https://docs.intersystems.com/latest/csp/docbook/DocBook.UI.Page.cls?KEY=RCOS_cdo_legacy) to the modern parentheses scoping syntax? It's not too bad to do it by hand, but it's also easy to make a mistake and leave a "quit" in an if statement by accident for example.

E.g.


The InterSystems IRIS has a great audit system. It is responsible for auditing system events, but you can use it to audit your applications (great feature).

The audit system is based on the event concept. The events can occur within IRIS or in an application. So, we have two types of events in the audit system:

1. System events: events that occurred in the InterSystems IRIS components (database, interoperability, analytics and core);


In this article I will explain how to Authenticate, Authorize and Audit by code by using a CSP Web Application, along with Enabling/Disabling and Authenticating/Unauthenticating any Web Application.

Application Layout
 


When I use &sql(SELECT ......) in Cache I can watch the generated code
in the generated .int code and see what is happening,
just with my normal rights.

Now in IRIS I have just 4 lines calling some class %sqlcq.***
With enough rights I find there is no such class but the generated .int routine
%sqlcq.IRISAPP.xEZgUjdXCCgQdZQPpRdOye1Ci2ue.1
that holds the code that I had in my .int on Cache.

Can I switch this back somehow?

Question
James Keith · Dec 2
Server Connections

I'm upgrading my laptop, and installed HealthShare 2020.2.  I wanted to import my server connections from my previous laptop, so I exported the Registry Keys (Windows 10) Under Computer\HKEY_CURRENT_USER\SOFTWARE\InterSystems\Cache\Servers from the old machine.  I then imported them into new laptop, but I still don't get the list of connections in my HealthShare Remote System Access list from the HS Cube in my system tray.

Does anyone have a solution for this?  I thought this was more portable.

 


Hi Dev Community,

I have a persistent Document class that has a FileName string property and another Question class that has an optional one-to-many relationship with Document.

I'm trying to add a SqlComputed property to the Question class (docFileName) where docFileName = Document.FileName if there is a related Document or an empty string if there isn't one. 

I'd prefer the property to be SqlComputed so that if Question.Document changes, Question.docFileName will automatically update.


Not so long ago GitHub introduced the ability to very quickly run VSCode in the browser for any repository hosted there. Press the . key on any repository or pull request, or swap .com with .dev in the URL, to go directly to a VS Code environment in your browser.


This VSCode is a light version of the Desktop version but works entirely in the browser. Due to this, it has a limitation on which extensions are allowed to work this way. Let me introduce the new version 1.2.1 of the VSCode-ObjectScript extension, which now supports running in Browser mode.

Discussion
Eduard Lebedyuk · Nov 17
Code Golf - Encoder

We need to send some coordinates to a spaceship through a laser beam.
To do that we have to encode it, and beam it out into space.
Your mission is to implement the encoder with a compression standard.
As usual shortest solution wins.

Task

You will receive a string of comma-separated integers and you will return a new string of comma-separated integers and sequence descriptors.

Input

"0,2,4,5,5,5,5,5,3,4,5"

Output

"0-4/2,5*5,3-5"

Question
Nicola Sartore · Dec 2
SSN Encryption

I need to store an equivalent of the SSN (Social Security number). I need it to be encrypted and I'll have to be able to search for it once stored.

From what I've seen my options are:

- SHAHash from the %SYSTEM.Encryption library. Simple and easy to implement. My question is, might collisions be a problem? We are talking about 10 million entries.

- AES encryption. In this case I'd like to know if there is a standard way for key management in the InterSystems environment.

Question
Marcio Coelho · Nov 30
Iris vs Java

Hello. I'm having problems migrating a Java application that is running with Cache 2018 to IRIS.
The application uses JSON generated by Cache and receives it as a string in Java.


Created by Daniel Kutac, Sales Engineer, InterSystems

Warning: if you get confused by URLs used: the original series used screens from machine called dk-gs2016. The new screenshots are taken from a different machine. You can safely treat url WIN-U9J96QBJSAG as if it was dk-gs2016.

Part 2. Authorization server, OpenID Connect server


We are migrating servers

Trying to create an IRIS ODBC connection on a new Windows 10 machine, but getting an error "TCP connect() timed out."

On the old server (Windows Server 2012) the IRIS ODBC connection already existed and is working fine. If I create new/test with IRIS connection is fine.

The only issue is on the new server (Windows 10); I am not sure why I am getting the error. Can anyone help?

I added a firewall outbound port; still it is not working.
