#Security

6

Security in IT is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.

See the InterSystems Documentation on Security.

I have a personal copy of Cache which I use to help me with certain things. The instance resides on my Windows desktop. The apps I use a web enabled. It would be great if I could access my apps via web browser from my laptop without having to keep a copy of Cache on my laptop. It would make it difficult to keep the databases synced. So, if I restart my Cache instance, then I can use get to my apps by entering the url: http://ipadd:57772/csp/user/myapp.cls.

0 3
0 37

Hi everyone,

I’m working with an existing InterSystems IRIS server that hosts several web applications and namespace-specific code and data. I’d like to reverse-engineer the current environment into a %Installer.Manifest file so I can store it in Git and manage its changes.

My goal is to:

2 1
1 33

SQL injection remains one of the most critical vulnerabilities in database-driven applications, allowing attackers to manipulate queries and potentially access or compromise sensitive data. In InterSystems IRIS, developers have access to both Dynamic SQL and Embedded SQL, each with distinct characteristics. Understanding how to use them securely is essential for preventing SQL injection.

3 0
1 80

Hi Community,

We're super excited to share the first video in the "Rarified Air" series on our InterSystems Developers YouTube:

Securing the Digital Front Door

https://www.youtube.com/embed/wVm3qVpIl0w
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

2 0
0 38

InterSystems is pleased to announce the General Availability (GA) of the 2025.2 release of InterSystems IRIS® data platform. This is a Continuous Delivery (CD) release. Please note that the GA versions of InterSystems IRIS for Health™ and HealthShare® Health Connect™ 2025.2 are currently withheld due to mirroring limitations introduced by security updates (details below).

3 0
1 78

In this 3-part series of articles, is shown how you can use IAM to simply add security, according to OAuth 2.0 standards, to a previously unauthenticated service deployed in IRIS.

In the first part, was provided some OAuth 2.0 background together with some IRIS and IAM initial definitions and configurations in order to facilitate the understanding of the whole process of securing your services.

5 1
0 1.1K

InterSystems IRIS 2025.2 introduces the IRISSECURITY database, the new home for security data. Unlike IRISSYS, the previous home for security data, IRISSECURITY can be encrypted, which secures your sensitive data at rest. In a future version, IRISSECURITY will be mirrorable.

This version also introduces the %SecurityAdministrator role for general security administration tasks.

8 2
3 228

At hackathons that InterSystems participated and I supported, many students were asking how all their teammates could use the same IRIS database that they spun up in a container. I suggested using ngrok to expose their localhost IRIS and realized we don't have documentation on that. Hence, I thought this would be great to let more people knwo about this powerful technique for enhancing collaboration during development and testing.

6 0
1 103

Hello again,

We are still seeking feedback on our two new HealthShare Unified Care Record certification exam designs. This is your opportunity to tell us what knowledge, skills, and abilities are important for Certified HealthShare Unified Care Record Specialists.

The feedback surveys are open until July 20th, 2025. All participants are eligible to receive 7000 Global Masters points for each survey they complete!

2 0
0 24

I am attempting to follow the tutorial at Publishing Web Services Using Caché | Caché Web Services QuickStart Tutorial | Caché & Ensemble 2018.1.4 – 2018.1.11 to build a toy SOAP web-service using Cache but am running into what I suspect are permissions issues, or perhaps setting up the "plumbing" to get an incoming request to call the web-service methods.

0 0
0 30

With the release of InterSystems IRIS Cloud SQL, we're getting more frequent questions about how to establish secure connections over JDBC and other driver technologies. While we have nice summary and detailed documentation on the driver technologies themselves, our documentation does not go as far to describe individual client tools, such as our personal favourite DBeaver. In this article, we'll describe the steps to create a secure connection from DBeaver to your Cloud SQL deployment.

10 21
2 2K

After we rolled out a new cointainer based on containers.intersystems.com/intersystems/irishealth:2023.1 this week, we suddenly noticed that our FHIR Repository started responding with an Error 500. This turns out to be caused by PROTECT violations on the new HSSYSLOCALTEMP namespace and database used by this version of the IRIS for Health FHIR components.

1 0
0 30

Foreword

InterSystems IRIS versions 2022.2 and newer feature the ability to authenticate to a REST API using JSON web tokens (JWTs). This feature enhances security by limiting where and how often passwords transfer over the network in addition to setting an expiration time on access.

The goal of this article is to serve as a tutorial on how to implement a mock REST API using InterSystems IRIS and lock access to it behind JWTs.

14 3
11 1.9K

Background:

This guideline provides an overview of how to design and implement a REST API interface for querying patient demographic data from an Electronic Patient Record (EPR) system using HealthConnect. The process involves sending a query request with the patient's identification number, retrieving the response from the EPR system, extracting the required patient demographic data from the HL7 message, and sending it as a JSON response to the supplier. The high-level process diagram is shown below (Screenshot 1).

4 5
1 167

Hi, Community!

🔒Are you linking your InterSystems Cloud Services deployments to a private network? See how to do this securely:

Creating and Managing VPNs with InterSystems Network Connect

https://www.youtube.com/embed/NvAbvzmetB8?utm_source=youtube&utm_medium=social&utm_campaign=NvAbvzmetB8
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

0 0
0 118

Introduction

In today's rapidly evolving threat landscape, organizations deploying mission-critical applications must implement robust security architectures that protect sensitive data while maintaining high availability and performance. This is especially crucial for enterprises utilizing advanced database management systems like InterSystems IRIS, which often powers applications handling highly sensitive healthcare, financial, or personal data.

9 3
1 155

Parallel query hinting boosts certain query performances on multi-processor systems via parallel processing. The SQL optimizer determines when this is beneficial. On single-processor systems, this hint has no effect.

Parallel processing can be managed by:

  1. Setting the auto parallel option system-wide.
  2. Using the %PARALLEL keyword in the FROM clause of specific queries.

%PARALLEL is ignored when it applied to:

9 0
4 148

What is JWT?

JWT (JSON Web Token) is an open standard (RFC 7519) that offers a lightweight, compact, and self-contained method for securely transmitting information between two parties. It is commonly used in web applications for authentication, authorization, and information exchange.

A JWT is typically composed of three parts:

1. JOSE (JSON Object Signing and Encryption) Header
2. Payload
3. Signature

8 0
4 197
Article
· Feb 14 5m read
HTTP and HTTPS with REST API

HTTP and HTTPS with REST API

Hello

The HTTP protocol allows you to obtain resources, such as HTML documents. It is the basis of any data exchange on the Web and a client-server protocol, meaning that requests are initiated by the recipient, usually a Web browser.

REST APIs take advantage of this protocol to exchange messages between client and server. This makes REST APIs fast, lightweight, and flexible. REST APIs use the HTTP verbs GET, POST, PUT, DELETE, and others to indicate the actions they want to perform.

When we make a call to a RESt API, what actually happens is an HTTP call. The API receives this call and according to the requested verb and path, the API performs the desired action. In the case of the Iris implementation we can see this clearly in the URLMap definition area:

5 0
0 211

Hey Community,

Enjoy the new video on InterSystems Developers YouTube:

Security Database and Wallet - Encryption, Mirroring and More @ Global Summit 2024

https://www.youtube.com/embed/wwwnTOCT03Y
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

0 2
0 211