If you look at the values.yaml of the IKO's Helm chart you'll find:

useIrisFsGroup: false 

Let's break down what it is and in what situations you may want to set it to true.

FsGroup refers to the file system group.

Hi, Community!

🔒Are you linking your InterSystems Cloud Services deployments to a private network? See how to do this securely:

Creating and Managing VPNs with InterSystems Network Connect

https://www.youtube.com/embed/NvAbvzmetB8?utm_source=youtube&utm_medium=social&utm_campaign=NvAbvzmetB8
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

Parallel query hinting boosts certain query performances on multi-processor systems via parallel processing. The SQL optimizer determines when this is beneficial. On single-processor systems, this hint has no effect.

Parallel processing can be managed by:

1. Setting the auto parallel option system-wide.
2. Using the %PARALLEL keyword in the FROM clause of specific queries.

%PARALLEL is ignored when it applied to:

HTTP and HTTPS with REST API

Hello

The HTTP protocol allows you to obtain resources, such as HTML documents. It is the basis of any data exchange on the Web and a client-server protocol, meaning that requests are initiated by the recipient, usually a Web browser.

REST APIs take advantage of this protocol to exchange messages between client and server. This makes REST APIs fast, lightweight, and flexible. REST APIs use the HTTP verbs GET, POST, PUT, DELETE, and others to indicate the actions they want to perform.

When we make a call to a RESt API, what actually happens is an HTTP call. The API receives this call and according to the requested verb and path, the API performs the desired action. In the case of the Iris implementation we can see this clearly in the URLMap definition area:

Hey Community,

Enjoy the new video on InterSystems Developers YouTube:

⏯ Security Database and Wallet - Encryption, Mirroring and More @ Global Summit 2024

https://www.youtube.com/embed/wwwnTOCT03Y
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

SQL injection remains one of the most critical vulnerabilities in database-driven applications, allowing attackers to manipulate queries and potentially access or compromise sensitive data. In InterSystems IRIS, developers have access to both Dynamic SQL and Embedded SQL, each with distinct characteristics. Understanding how to use them securely is essential for preventing SQL injection.

At hackathons that InterSystems participated and I supported, many students were asking how all their teammates could use the same IRIS database that they spun up in a container. I suggested using ngrok to expose their localhost IRIS and realized we don't have documentation on that. Hence, I thought this would be great to let more people knwo about this powerful technique for enhancing collaboration during development and testing.

Hi all,

I'm performing a migration of some services from one instance to another, and I noticed that the technique defined within the InterSystems Server Migration Guide does not include OAuth client configurations. The recommended technique is to use the ##class(Security.System).ExportAll() and ##class(Security.System).ImportAll() methods.

Is there a way to migrate OAuth client configurations, or do those have to be re-created manually?

I have an API set up in IRIS which is secured using an IRIS authentication service, so there is a bearer token being passed down in the request header.

Hi,

I try to generate JWT tokens in Cache (not in IRIS).

In IRIS I managed to generate tokens using ##class(%OAuth2.JWKS).AddOct("HS256",secret,.jwks).

But In Cache there is no such routine.

Could you provide me a place to find an example how to use JWT, please ? I am interested to generate a token in Cache, send it to javascript client, and read a token provided by the client and check it is valid.

Kind regards,

Alin Soare.

Hi Community,

🔐 Make sure your data is secure! Learn some strategies for enhancing security in InterSystems IRIS® data platform:

Navigating SQL Privileges and Security in InterSystems IRIS

https://www.youtube.com/embed/_lBHnrm5Ot4?utm_source=youtube&utm_medium=social&utm_campaign=_lBHnrm5Ot4
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

There's an easy new way to add certificate authority (CA) certificates to your SSL/TLS configurations on InterSystems IRIS 2019.1 (and 2018.1.2) on Windows and Mac. You can ask IRIS to use the operating system's certificate store by entering:

%OSCertificateStore

in the field for "File containing Trusted Certificate Authority X.509 certificate(s)". Here's an image of how to do this in the portal:

So if you are following from the previous post or dropping in now, let's segway to the world of eBPF applications and take a look at Parca, which builds on our brief investigation of performance bottlenecks using eBPF, but puts a killer app on top of your cluster to monitor all your iris workloads, continually, cluster wide!

Continous Profiling with Parca, IRIS Workloads Cluster Wide

We have a CSP pages script, which gets and sets a cookie for email tracking purposes, we had problems with cookies not being passed to this script when the URL was opened from an email client due to being cross-site, so I set Session Cookie Scope & User Cookie Scope to None instead of Strict.

This solved the issue with cookies not being passed, however the script entirely does not work anymore due to the error:

"Invalid CSP response cookie. SameSite cannot be set to None without Secure. : CSP Error"