Security


Subscribe to Security content with RSS Syndicate content or email

How to deploy resources and roles?

Hi, Community!

Consider I have ResourceA which is used by role RoleA in dev environment and want to deploy it with the solution on a target system.

7

views

0

rating

Collision for SHA-1 hash algorithm

The recent announcement of a collision for the SHA-1 hash algorithm has caused some consternation:

https://shattered.io/

12

views

+ 2

rating

Making encrypted datafields SQL-searchable

Overview

Encryption of sensitive data becomes more and more important for applications. For example patient names, SSN, address-data or credit card-numbers etc..

Cache supports different flavors of encryption. Block-level database encryption and data-element encryption. The block-level database encryption protects an entire database.  The decryption/encryption is done when a block is written/read to or from the database and has very little impact on the performance.

With data-element encryption only certain data-fields are encrypted.  Fields that contain sensitive data like patient data or credit-card numbers. Data-element encryption is also useful if a re-encryption is required periodically. With data-element encryption it is the responsibility of the application to encrypt/decrypt the data.

Both encryption methods leverage the managed key encryption infrastructure of Caché.

The following article describes a sample use-case where data-element encryption is used to encrypt person data.  

But what if you have hundreds of thousands of records with an encrypted datafield and you have the need to search that field? Decryption of the field-values prior to the search is not an option. What about indices?

This article describes a possible solution and develops step-by-step a small example how you can use SQL and indices to search encrypted fields. 

75

views

+ 3

rating

SOAP and Delegated Authentication

Hopefully this is a simple questions to respond to.  Can you do Delegated Authentication for SOAP web service calls.  I ask as I am not seeing this work as expected.

66

views

0

rating

Can you keep a secret?

If you are developing applications that use CSP or Zen, or potentially any of the other InterSystems web-related stuff that's built on top of CSP, then it's important to know how to keep one particular secret.

104

views

+ 4

rating

Local instance caché 2016 messed up; server availability error

Hi all, This is a bit embarrassing, and not that critical.  I have a local instance of Caché 2016 on my computer, for playing around with.

96

views

0

rating

How to implement bcrypt algorithm

Hi all,

Is there any bcrypt algorithm on HealthShare? We are trying to use it but ww couldn't find it.

Regards

104

views

0

rating

ASP.NET Identity Caché Provider — working with Identity via InterSystems Caché

Imagine that your .NET project uses the Caché DBMS and you need a fully-functional and reliable authorization system.

159

views

+ 4

rating

NTLM authorization via Ensemble

I am looking for a solution with Ensemble to talk to a old NTLM based SOAP Service. Does anyone has done this before?

58

views

0

rating

SHA-512 seems to be wrong

All,

 

Totally new to Cache and Encryption.  Have a project requirement for SHA-512.  

95

views

0

rating

URL Security over 2 applications

I'm currently re-engineering an application from CSP pages directly accessing COS Methods, to an Angular/Material front end accessing a REST DAL.

77

views

0

rating

Has Anyone Managed to configure CSP Gateway on CentOS 7 with Apache 2.4 and Secure Enhanced Linux Enabled?

Hi!

I am not system admin. But it used to be very simple to install CSP Gateway on an apache system on Linux with Apache installed. I used to run the CSP Gateway installation program and after it was done, all I had to do was fine tune some configurations on CSP Gateway portal on http://<ip>/csp/bin/Systems/Module.cxw and I was up and running.

116

views

0

rating

Login to csp application from remote system

Hi,

i have a csp application (namespace default) to which i like to login from remote. This is possible via

56

views

0

rating

Configuring Caché client applications for SSL/TLS

When using Studio, ODBC or a terminal connection to Caché or Ensemble, you may have wondered how to secure the connection. One option is to add SSL (aka TLS) to your connection.

240

views

+ 10

rating

Looking for examples of Cache Password Pattern specifications

Hi -

96

views

+ 1

rating