Security in IT is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.
Actually, I'm developing few restful API's. I want to create a authentication tokens and display it on my login restful API. If I'm using CSP sessionId, how can I validate the session Id's in another or continues restful API's. else, is there any other approach to handle this task.
My Primary goal is, I have to integrate 2 different front end applications. One is Zen framework another one is web pages from Python.
I used the soap wizard to create a web client based on the wsdl. I was able to get a valid response back, and now it looks like the error is in decrypting the soap message response "inbound"
We are currently performing encryption at the OS level but it makes storage expansion complicated. Any feedback on OS encryption vs. Ensemble? Pros/Cons. We will have CentOS7 on our new server.
i use postman for testing my request , i need to extract access token from it (i put it inside the "Get url" using post man before sending my request).
i use the GetAccessTokenFromRequest of (%SYS.OAuth2.AccessToken) class , but in my rest code party , when i send request from post man , i can't extract my access token, it's empty.
I'm using Atelier 1.3. When we configure a server and use HTTP to connect, works fine. But when we activate the Secure connection option I get the Unregonized SSL message, plaintext connection?
Do I need to perform any configuration on my server so that Atelier can access a secure connection?
I have a need to restrict ODBC access to certain users to prevent unwanted access to our cache database.
We have a limited number of legacy applications that use ODBC to connect to read data and are currently not in a position to have these amended any time soon so in the interim, I am hoping someone will be able to provide me with some assistance.
I need to store an equivalent of the SNN (Social Security number). I need it to be encrypted and I'll have to be able to search for it once stored.
For what I've seen my options are:
- SHAHash from the %system.encryption library. Simple and easy to implement. My question is, might collisions be a problem? We are talking about a 10 millions entry.
- AES encryption. In this case I'd like to know if there is a standard way for key management in the InterSystems environment.
I am trying to lock down security within our Development environment per requirements from a Security Audit that was done earlier this year. I need to try to limit access at a public level, access to cache users, and exposure.
I installed IRIS with the Lockdown method, and have configured my web applications, services, resources, etc.
When I go into my namespace, I am constantly presented with the following error when I try to start or stop an Object...
I'm VERY novice on all things "OpenAM", and beyond knowing that Caché supports working with OpenAM, I have nothing else to go on.
The documentation doesn't seem to be very deep on the nature of how this works beyond a single paragraph saying it's supported for Single Sign On (SSO).
I need to automate the handling of usernames passwords, serverNames etc for use in the sending and receiving of emails, logging into SFTP servers etc etc for use within COS code To manage external passwords we could use LastPass or any other proprietary password loggers, but I need to be able to call them as part of the automation (COS code) and occasionally visually look them up to "remind" the staff of their passwords.
any suggestions as to the best class data constructs to handle this scenario. Should the whole table be encrypted, only the passwords etc.
I am working on Ensemble 2017.2.1 . I need to export my security settings into an extern database, in order to make a report.
I've created a Business Operation with an SQL Adapter into a Namespace, but I don't know how to get every security data from "%SYS" Namespace ( SQLPrivileges , Resources , Roles , Services , Users ... ).
I dont't want to use the terminal and the ^SECURITY routine, because i don't want to store a XML file on the server.
Is there a way for us to restrict user's ODBC permissions based on what program they're running on a client?
For example, we have some older Windows apps (.exe) that are a regular part of our software package which require the user to be able to select, insert, update, and delete. Some of our users are also using other third-party apps to connect (mostly reporting tools) but we only want them to be able to select unless we've approved the exe. Is there a way to do that?
These are not applications that were developed using CacheDirect.
I recently started work on trying to Tighten Security in our Development Instance of IRIS that is running based on recommendations from our Audit as you might of seen from my other posts. I am currently trying to get into the Private Web Gateway Manager within IRIS as CSPSystem, but when I attempt to sign in nothing happens.
I went through and reset the password in the CSP.ini and within IRIS for CSPSystem. I made sure it had the new GatewayRole per suggested
I know %CSP.Daemon is supposed to clean up old CSP sessions (?). In my management portal, under System/ License Usage, I see 33 "Units" used (and there are 33 licenses in use), but usernames from old IP address and that are not being used. Their active times are often in the millions of seconds. They are not "on" the system right now.
At most, only 3 users are on the system right now.
Are these supposed to be cleaned up? Can I clean them up programmactially, and how would I know if they're not active?
We are planning to use Caché users on a SOAP web-service, so the WS-security tokens will be used. It will be username and password only for now. The passwords should expire on a regular basis and this will be configured in the system-wide security settings. The consumer of the web-service should be able to change their password on-demand or when it has expired, via a web-service call.
For the on-demand change, I can create a service method which can be called by the consumer to change the password.
I am working through trying to use ZAUTHENTICATE.mac and LDAP.mac to do Delegated sign on into Ensemble. In reading over the samples and the documentation, I am not clearly finding on how to set the Appropriate Role from the LDAP group I return. Can someone help explain this part to me? If I have a user sign on, and I return a "Group" from the Authentication, how do I get that to transform into the Role I need for Ensemble.
Does Intersystems specifically Ensemble support a Single Sign On architecture? Currently we are using Delegated sign on using LDAP and TLS, however our CIO would like us to move toward a single sign on, so when you sign into your PC it would automatically pass the credentials to Ensemble.
We are looking for a 3rd party application that can scan our IRIS based Cache Object Script code for vulnerabilities or coding weaknesses. There are many, many applications/vendors out there that do code scanning but none seem to support Cache Object Script or scanning the IRIS environment. If anyone is aware of a company/product that can scan our code / IRIS environment, I would love to hear about it.
Will it hurt anything if I disable the user that installed IRIS, within IRIS? Does this cause a problem with background processes running or with the restart? I know the _Ensemble user is used to start/stop/restart objects within IRIS, just didn't see anything in the documentation about the user that installed IRIS.
We are using Cache in our application. We are using default username/password for connecting to the Cache Database through Cache Manege Provider. Can we limit the permission of the user _SYSTEM to access only limited database/namespace.
Can we create new user for ODBC connection? Is there any API provided for creating user with limited access so that the user creation process can be automated.
By likes
I unable to change response Class..png)
.png)