
In this article I will explain how to authenticate, authorize and audit by code using a CSP Web Application, along with enabling/disabling and authenticating/unauthenticating any Web Application.

Application Layout
 



In this article I will demonstrate the basics of OAuth2 authentication with a GitHub account, with the help of the online demo
https://dappsecurity.demo.community.intersystems.com/csp/user/index.csp, using SuperUser | SYS

Recommendations:

We need the 3 steps below to achieve the desired result:

  • Step 1: Register Application with GitHub Authentication Server
  • Step 2: Configure OAuth 2.0 Client from InterSystems Management portal
  • Step 3: Call API to login with GitHub account


So let's start

Step 1: Register Application with GitHub Authentication Server

In order to register the application with the GitHub authentication server, we need a GitHub account.
Log in to your GitHub account, navigate to https://github.com/settings/developers and, under the OAuth Apps tab, click the New OAuth App button.

 

Enter the Application name, Homepage URL, Description and Authorization callback URL.
Please note that the Authorization callback URL must refer to the OAuth2.Response.cls class ({domain}/csp/sys/oauth2/OAuth2.Response.cls).
Click Register Application.

This will open the detail page. Click Generate a new client secret and save the Client ID and Secret Key, which we will use while configuring the IRIS OAuth2 client.

Application is registered successfully


Hey community, how are you all doing?

What if you could check if your REST application is susceptible to some vulnerability? What if you could check if any known attacks affect your application?

With these issues in mind, we've brought our sample application using the ZAP testing tool: a way to quickly and conveniently provide tools for developers to validate security issues in an accessible and practical manner.


InterSystems IRIS has a great audit system. It is responsible for auditing system events, but you can use it to audit your applications (great feature).

The audit system is based on the concept of events. The events can occur within IRIS or in an application. So, we have two types of events in the audit system:

1. System events: events that occurred in the InterSystems IRIS components (database, interoperability, analytics and core);


Not so long ago, GitHub introduced the ability to very quickly run VSCode in the browser for any repository hosted there. Press the . key on any repository or pull request, or swap .com with .dev in the URL, to go directly to a VS Code environment in your browser.


This VSCode is a light version of the Desktop version, but it works entirely in the browser. Because of this, it limits which extensions are allowed to work this way. And let me introduce the new version 1.2.1 of the VSCode-ObjectScript extension, which now supports running in Browser mode.



I recently published the "appmsw-docbook" module for deploying the solution not by individual programs, but by the entire database. This solution allows you to deploy a project without source code.

Having received feedback, I decided to improve it significantly. I replaced the zip archive with tgz, which avoids the need for external system-dependent archivers.


For some years I missed being able to offer, to everybody interested in ObjectScript, a more or less complete tutorial to start with ObjectScript. Something that could help more and make things easier for those new developers who come to our technology... something intermediate, halfway between the common "Hello World!", that doesn't really get you further, and the "Advanced Training", that is unaffordable because of lack of time, etc.

If there were something truly helpful not only as an introduction to the ecosystem, but as a starting point, as a boost, to really start to walk into ObjectScript and move forward by yourself... wouldn't that be awesome?

Article
Steve Pisani · Nov 23 4m read
Mutual TLS setup

Hi,

I recently needed to set up an SSL/TLS configuration in IRIS that supported mutual authentication (where the server IRIS is establishing a connection to is verified, and where IRIS is in turn verified by the remote host). After a bit of research and getting it done, I thought it worthwhile to just go over the process I went through in order to potentially help others and save you some time.


Pouring The Coffee: Creating and scheduling a task

Don't you wish a fresh, hot cup of coffee could be waiting for you right when you get into the office? Let's automate that!

Cache and IRIS come with a built-in Task Manager, which should have a familiar feel to those used to using the Windows task scheduler or using cron on Linux. Your user account will need access to the %Admin_Task resource to use it, and you can access it in the management portal under System Operation -> Task Manager. When first installed, there are roughly 20 types of task that you can schedule.


Apache Zeppelin is a multi-purpose notebook that enables:

  • Data Ingestion
  • Data Discovery
  • Data Analytics
  • Data Visualization and Collaboration

The Apache Zeppelin interpreter concept allows any language/data-processing-backend to be plugged into Zeppelin. Currently Apache Zeppelin supports many interpreters such as Apache Spark, Apache Flink, Python, R, JDBC, Markdown and Shell.


Working in support, I usually get asked how many days I should keep journals. Should it be two days or after two backups? More? Less? Why two?

The correct answer (for most environments) is that you should keep the journals since the last validated backup. That is, until you check that a backup is valid (by restoring the file and checking it with the Integrity utility), you can't be sure there is a good copy of your data and can't purge the journals safely.


TOGAF is The Open Group Architecture Framework. It provides an approach to plan, design, implement, deploy and govern your EA (Enterprise Architecture) projects.

TOGAF has a concept called Building Block. It is any element that can be used, reused and executed to deliver value and new functions to the business.

In the picture above, I present to you the main IRIS building blocks to create fantastic apps.
