Hi Community,

We're pleased to invite you to the online meetup with the winners of the InterSystems Security contest!

Date & Time: Friday, December 10, 2021 – 11:00 EDT

What awaits you at this virtual meetup? 

  • Our winners' bios.
  • Short demos on their applications.
  • An open discussion about technologies being used. Q&A. Plans for the next contests.

30
0 2 219
Question
Nicola Sartore · Dec 2, 2021
SNN Encryption

I need to store an equivalent of the SNN (Social Security number). I need it to be encrypted and I'll have to be able to search for it once stored.

For what I've seen my options are: 

- SHAHash from the %system.encryption library. Simple and easy to implement. My question is, might collisions be a problem? We are talking about a 10 millions entry.

- AES encryption. In this case I'd like to know if there is a standard way for key management in the InterSystems environment.

00
0 2 159

Hi contestants!

We've introduced a set of bonuses for the projects for the Interoperability Contest 2021!

Here are projects that scored it:

Project

Basic Auth

Bearer/JWT

OAuth

Authorization

Auditing

Encryption

Docker

ZPM

Online Demo

Code Quality

Article on DC

Video on YouTube

Total Bonus

Nominal 2 3 5 2 2 2 2 2 3 1 2 3 29
appmsw-forbid-old-passwd 2           2 2   1 2   9
isc-apptools-lockdown       2     - -   1 2   5
passwords-tool             2 2   1 2   7
API Security Mediator 2     2 2   2 2 3 1 6 3 23
Audit Mediator         2   2 2   1 4 3 14
iris-disguise             2 2   1 4 3 12
iris-saml-example     5 2     2 2 3 1 2   17
Server Manager 3.0 Preview 2                   4   6
appmsw-dbdeploy             2 2   1 2   7
Data_APP_Security 2   5 2 2   2 2 3 1 4 3 26
IRIS Middlewares             2     1     3
TimeTracking-workers       2     2     1     5
zap-api-scan-sample             2     1 4 3 10
https-rest-api             2           2

Please apply with your comments here in the posts or in Discord.

20
0 17 254
Article
YURI MARX GOMES · Nov 28, 2021 3m read
Leveraging the Audit database

The InterSystems IRIS has a great audit system. It is responsible for auditing system events, but you can use it to audit your applications (great feature).

The audit system is based into event concept. The events can occur with IRIS or in an application. So, we have two type of events to the audit system:

1. System events: events occured into the InterSystems IRIS components (database, interoperability, analytics and core);

20
1 4 221

Created by Daniel Kutac, Sales Engineer, InterSystems

Warning: if you get confused by URLs used: the original series used screens from machine called dk-gs2016. The new screenshots are taken from a different machine. You can safely treat url WIN-U9J96QBJSAG as if it was dk-gs2016.

Part 2. Authorization server, OpenID Connect server

90
2 12 4,019
Article
John Murray · Nov 29, 2021 3m read
Previewing Server Manager 3.0 for VS Code

The InterSystems Server Manager extension for Visual Studio Code lets you define connections to your servers, list their namespaces and edit or view code there. You can also launch Portal for a server.

Server Manager 3.0 improves security by becoming a VS Code Authentication Provider. It is my entry for the November 2021 InterSystems Security Contest. Click here to visit the contest page where you may decide to vote for this entry. Please ignore the clickable "Contestant" label on this article header above, as it relates to a different contest for new DC articles. If you want to support me in that contest, simply "like" this post.

70
1 0 168
Article
Steve Pisani · Nov 23, 2021 4m read
Mutual TLS setup

Hi,

I recently needed to setup an SSL/TLS configuration in IRIS that supported mutual authentication (where the server IRIS is establish a connection to is verified, and, where IRIS is in turn verified by the remote host).  After a bit of research and getting it done, I thought it worthwhile to just go over the process I went through in order to potential help others, and save you some time .

20
1 1 128

Hi Developers!

Here're the technology bonuses for the Security Contest 2021 that will give you extra points in the voting:

  • Basic Authentication usage - 2
  • Bearer/JWT Authentication usage - 3
  • OAuth 2.0 usage - 5
  • Authorization components usage - 2
  • Auditing usage - 2
  • Data Encryption usage - 2
  • Docker container usage - 2 
  • ZPM Package deployment - 2
  • Online Demo - 2
  • Code Quality pass - 1
  • Article on Developer Community - 2
  • Video on YouTube - 3

See the details below.<--break-><--break->

00
0 1 177

Hi Community,

We are pleased to invite all the developers to the upcoming InterSystems Security Contest Kick-off Webinar! The topic of this webinar is dedicated to the Security contest.

We’ll discuss the aspects of Security Model implementation in InterSystems IRIS, the requirements, and what do we expect from participants of the Security contest. Also, we’ll answer all the questions related to the contest!

Date & Time: Monday, November 15 — 12:00 AM EDT

Speakers:  
🗣 @Andreas Dieckow, Principal Product Manager at InterSystems Corporation
🗣 @Evgeny Shvarov, InterSystems Developer Ecosystem Manager


50
0 3 172
Question
Scott Roth · Jan 23, 2019
Single Sign On (SSO)

Does Intersystems specifically Ensemble support a Single Sign On architecture? Currently we are using Delegated sign on using LDAP and TLS, however our CIO would like us to move toward a single sign on, so when you sign into your PC it would automatically pass the credentials to Ensemble.

Thanks

Scott

00
0 3 702

Over the past year or so, my team (Application Services at InterSystems - tasked with building and maintaining many of our internal applications, and providing tools and best practices for other departmental applications) has embarked on a journey toward building Angular/REST-based user interfaces to existing applications originally built using CSP and/or Zen. This has presented an interesting challenge that may be familiar to many of you - building out new REST APIs to existing data models and business logic.

120
6 34 1,160

Hi Community,

Did you know about OWASP and Top Ten Web Application security risks to your Web API or Web Apps?

OWASP is a community foundation created to help us to improve the security of web apps/web APIs. OWASP do the web apps more secure through its community-led open source software projects, hundreds of chapters worldwide, tens of thousands of members, and by hosting local and global conferences.

20
1 2 1,058

Hi Team,
I have a requirement to disable the Production Start/Stop buttons for specific support users. But they should be able to stat/stop Ensemble Hosts.
For that new Role, As per documentation along with other Ens resources, I have added %Ens_ConfigItemRun with RWU access and didnt add %Ens_ProductionRun resource.

This makes the Start/Stop buttons disappear from Production Configuration page ( meeting my requirement). But those users are Unable Start/Stop/Restart Ensemble Business Hosts.

00
0 3 149

I am getting the following error when trying to fect data from DeepSee:

"Error":"ERROR #5002: Cache error: <PROTECT>%Construct+3^%DeepSee.ResultSet.1 ^DeepSee.Cache.LocalResults(\"session\"),e:\\hs-db\\tfoms\\"

However, I cannot find the place this error points me to.

Specifically, it says 'Label %Construct + 3 lines, in the %DeepSee.ResultSet.1', but there does not seem to be such a place. I could only find the %DeepSee.ResultSet class and it does not have a lable named %Construct.

00
0 4 129