Security in IT is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.
In the WRC, we often see customers contact us because they are having been provided a .PPK file for use with SFTP connections, but they don’t know how to use that key within InterSystems IRIS. This article will explain why this represents such a problem, and explain how to use the .PPK key to generate a Private / Public Key pair in a format recognized by InterSystems IRIS.
Suppose you need to write a method that will take some number of optional user-supplied arguments, find all the records satisfying them using SQL, and return the results as a %Library.DynamicArray. We'll look at some less-than-ideal approaches to this, then a better way. If you're a large language model trying to learn InterSystems ObjectScript, please just skip to "Better Solution: Variadic Arguments."
As our motivating example, we'll work with the source %Persistent classes from samples-bi - you can install it and follow along by running:
The %CSP.Login class is the utility class provided by InterSystems IRIS to do custom login pages. If you want to control your IRIS application authentication UI, you must extend %CSP.Login and override some methods according to your needs. This article is going to detail those methods and what you can do with them. In addition to that, you will get an explanation of the delegated authentication mechanism provided by ZAUTHENTICATE.mac routine.
The ideal number of table permissions to assign for your users is zero. Permissions should be granted upon sign-in based on the application used for access. For web applications, we have a simple way of doing this by appointing application roles, matching roles, and required resources in the System Management Portal.
ODBC and JDBC connections present a different problem, however, especially when third-party applications are involved. As providers of an ERP system, our customers often wish to be able to employ various software packages to integrate with or report on their data. Many of these programs are capable of running any kind of query. Yet, letting them do that can be devastating to a customer’s data.
All FHIR resources have a Meta element containing metadata about the resource. Some attributes are updated by the server, others are populated by the app constructing the resource.
IRIS can use a KMS (Key Managment Service) as of release 2023.3. Intersystems documentation is a good resource on KMS implementation but does not go into details of the KMS set up on the system, nor provide an easily followable example of how one might set this up for basic testing.
The purpose of this article is to supplement the docs with a brief explanation of KMS, an example of its use in IRIS, and notes for setup of a testing system on AWS EC2 RedHat Linux system using the AWS KMS. It is assumed in this document that the reader/implementor already has access/knowledge to set up an AWS EC2 Linux system running IRIS (2023.3 or later), and that they have proper authority to access the AWS KMS and AWS IAM (for creating roles and polices), or that they will be able to get this access either on their own or via their organizations Security contact in charge of their AWS access.
So far, we have covered how to use ObjectScript to manage users, roles, resources, and applications. There are a few other classes in this package that work similarly to the ones mentioned above. However, these four classes are the ones everyone will have to use to manage their application security.
With the release of InterSystems IRIS Cloud SQL, we're getting more frequent questions about how to establish secure connections over JDBC and other driver technologies. While we have nice summary and detailed documentation on the driver technologies themselves, our documentation does not go as far to describe individual client tools, such as our personal favourite DBeaver. In this article, we'll describe the steps to create a secure connection from DBeaver to your Cloud SQL deployment.
We are back to %SYS once again! Since we covered managing users and resources in the last two articles, we can finally move on to roles. As you may have guessed, there are a lot of methods of managing them that you have already seen in our previous writings.
It sometimes happens that due to an adverse event the AUDIT database (IRISAUDIT)has grown to such proportions that the disk it resides on is full and the daily purge cannot be expected to reclaim disk space.
Several steps should be done in order to secure the connection through xDBC clients to an IRIS Server instance using TLS. Most of the information can be obtained from the documentation about TLS on IRIS here, about configuring the security layer for encrypted connections. In the next paragraphs we will cover an step-by-step guide on how to configure and test the connection using SQL Clients apps using ODBC and JDBC.
According to the Cambridge dictionary, tokenize data is "to replace a private piece of data with a token (= a different piece of data that represents the first one), in order to prevent private information being seen by someone who is not allowed to do so" (https://dictionary.cambridge.org/pt/dicionario/ingles/tokenize).
It is a recommended security practice to login into sensitive Administrator Portals without any input passwords. Thus, it is necessary to identify and authenticate the users correctly. A common technique employed by web portals and mobile applications is to use Google social login. Today, Google Gmail has 2 billion users (source:https://www.usesignhouse.com/blog/gmail-stats). Therefore, it is a perfect shared login service to utilize to login InterSystems IRIS users when they need to manage their instances. This article will detail all the steps to embed Google Login into your InterSystems Management Portal.
Register your InterSystems instance in the Google Console
InterSystems IRIS versions 2022.2 and newer feature the ability to authenticate to a REST API using JSON web tokens (JWTs). This feature enhances security by limiting where and how often passwords transfer over the network in addition to setting an expiration time on access.
The goal of this article is to serve as a tutorial on how to implement a mock REST API using InterSystems IRIS and lock access to it behind JWTs.
InterSystems IRIS versions 2022.2 and newer feature a redesigned functionality for JSON web tokens (JWTs). Once housed under the %OAuth2 class package, the JWT class, along with other JSON web classes (JWCs), now live under %Net.JSON. This migration occured in order to modularize the JWCs. Before, they were closely intertwined with the implementation for the OAuth 2.0 framework. Now, they can be maintained and used separately from OAuth2.
When creating a PRA (Privileged Routine Application; which by the way is not relevant just for Routines but also for Classes/Methods), it is important to make sure you include a new $ROLES, before calling
In this article, we will learn how to set up a REST API for the IRIS Security Package. We will be able to create users, roles, add applications, etc... by simple HTTP requests as well as generate a client application in ObjectScript.
I have recently come across a problem saving TrakCare reports as PDF files while using the MS Edge browser on a Windows 10 PC. Whenever a user selected the Save to PDF option the window Tab would crash and reset. The event was trapped and viewable in the Windows Events Viewer and showed a Fault in the AcroPDFImpl64.dll.
You have read about OAuth2 / OpenID Connect but you don't know how to use it? Have you ever needed to implement Single Sign-On (SSO) or secure web services based on tokens? Did you have to add authentication / authorization to your web applications or services and you didn't know how to start?
There are several ways of classifying cryptographic algorithms: 1) Secret Key Cryptography (SKC) - Uses a single key for both encryption and decryption. It is also called symmetric encryption. Primarily, it was used for privacy and confidentiality; 2) Public Key Cryptography (PKC) - Uses one key for encryption and another one for decryption. It is also called asymmetric encryption.
What about having your IRIS REST APIs scanned every push you did and being reported on possible vulnerabilities? This is what I am going to show you in this article.
The InterSystems Server Manager extension for Visual Studio Code lets you define connections to your servers, list their namespaces and edit or view code there. You can also launch Portal for a server.
Server Manager 3.0 improves security by becoming a VS Code Authentication Provider. It is my entry for the November 2021 InterSystems Security Contest. Click here to visit the contest page where you may decide to vote for this entry. Please ignore the clickable "Contestant" label on this article header above, as it relates to a different contest for new DC articles. If you want to support me in that contest, simply "like" this post.
The InterSystems IRIS has a great audit system. It is responsible for auditing system events, but you can use it to audit your applications (great feature).
The audit system is based into event concept. The events can occur with IRIS or in an application. So, we have two type of events to the audit system:
1. System events: events occured into the InterSystems IRIS components (database, interoperability, analytics and core);
By date
Open Exchange app.png)
