New post

#Security

6

Security in IT is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.

See the InterSystems Documentation on Security.

This article was written as an attempt to share the experience of installing the InterSystems Caché DBMS for production environment.
We all know that the development configuration of a DBMS is very different from real-life conditions.
As a rule, development is carried out in “hothouse conditions” with a bare minimum of security measures, but when we publish our project online, we must ensure its reliable and uninterrupted operation in a very aggressive environment.

7 2
5 1.7K

I am currently using InterSystems for patients data management related to intake treatment planning and delivery of dose.

should I create a new attribute to track Patient ID or using an existing attribute within Audit log ? what are the good practices guidelines?

If I use Event Data field to record Patient_ID is it possible out of the box to search entries for a specific Patient_ID ?

0 3
0 377

We have a new requirement being push down by our Data Security to no longer use Local SQL Accounts to access our Databases. So they asked me to create a Service Account that is on the Domain for our connections to each database.

I tried just changing my JDBC connection to using this Service Account and Password but I am not having any luck trying to connect to the database.

" Connection failed.
Login failed for user 'osumc\CPD.Intr.Service'. ClientConnectionId:ade97239-c1c8-4ed1-8230-d274edb2e731 "

1 4
0 3.7K
Question
· Jun 29, 2018
Adding TLS to ZAUTHENTICATE

I wrote a ZAUTHENTICATE.mac a couple of months back, and found recently that it is creating coredumps on almost a nightly basis. I think I have figured out this problem to be not clearing out my MsgSearch after I am doing 2 of them within the code.

1. Get User Attibutes from AD

2. Get User Groups From AD

So while I am trying to cleanup the code I thought it would be a good time to add a Certificate and TLS to the mix since I should of been using that all along. However I keep running into issues

1 14
0 457

In old Caché versions it was possible to create a new role based on predefined %Developer by copying it and adding some resources as needed. It was true at least from 2010.1 to 2015.1.

After upgrade from 2015.1.4 to 2017.2.1 it turned that it's only partially true now. User with a "New-Developer" role can enter Studio and open existing cls/mac/etc for editing and everything is OK unless he tries to create something new (Ctrl-N), than he gets a pop-up with %msg: <User xxx does not have enough privilege to execute stored procedure %CSP.StudioTemplateMgr_Templates>

1 3
0 457

Hi,

I have a client who is considering encryption options in order to comply with a tendering requirement.

Were they to encrypt the production database then what would be a reasonable expectation forthe impact on message throughput. Or possibly more easily answered: what would be the expected impact be on I/O rate and CPU utilization. Are there any benchmarks to which could support an estimate ?

How would this compare with plan B: to use disk encryption ?

Thanks

0 3
0 468
Question
· Apr 6, 2018
Delegated Sign On Bypass

Is there a way to make the system users like _SYSTEM and ensadm bypass the Delegated sign-on and not cause it to fill up the Audit trail with "Programmer mode login failure"?? I figured I still had to leave password login enabled for the background users to run. How would I script if username = "_SYSTEM" then don't do the Delegated sign on?

Here is my ZAUTHENTICATE

0 3
0 347

I need to offer new users on our system a temporary password that is valid for only 48 hours. This is different than a 60-day password expiration window for existing users' passwords (where a password needs to be changed every 60 days), and is different than a "user expiration date", where you can set a date where the user's account expires and is disabled on that date, and different than the inactivity expiration date where a user becomes active if his account is not used within, say, 30 days.

0 2
0 430

I was running the %File:FileSet class query, with my development user, but I am unable to run this query for an application user. Does anyone know what resource or service is needed to run this query? Assume the user has access to a certain directory on the file system needed for the query.

On second though, having tried almost all the available resources and services, perhaps the user doesn't have access to the directory. How to tell when the error is this:

0 13
0 626

I am working through trying to use ZAUTHENTICATE.mac and LDAP.mac to do Delegated sign on into Ensemble. In reading over the samples and the documentation, I am not clearly finding on how to set the Appropriate Role from the LDAP group I return. Can someone help explain this part to me? If I have a user sign on, and I return a "Group" from the Authentication, how do I get that to transform into the Role I need for Ensemble.

Thanks

Scott Roth

0 1
0 521
Question
· Jan 15, 2018
Access token storage

Hi community ,

i work actually on the access token generation method , i want know where the generated access token are saved ?

My [OAuth2.AccessToken] tabe is empty , it's logical?

thank's for helping .

Best regards

0 5
0 772

Hi, Community!

Please welcome a new session recording from Global Summit 2017:

Migrating Apps to the Cloud : The Basics

https://www.youtube.com/embed/q9Vbx8WDww0
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

1 0
0 218

Hi community ,

i use postman for testing my request , i need to extract access token from it (i put it inside the "Get url" using post man before sending my request).

i use the GetAccessTokenFromRequest of (%SYS.OAuth2.AccessToken) class , but in my rest code party , when i send request from post man , i can't extract my access token, it's empty.

can please give me help?

thank you

0 1
0 305
InterSystems continuously monitors our systems for any evidence of attempts to exploit vulnerabilities such as the newly announced Meltdown and Spectre attack vectors.
At this time we have seen no indications of attempts to target InterSystems systems or technology using these vulnerabilities.
· InterSystems is aware of recently reported cybersecurity vulnerabilities known as Meltdown and Spectre that affect a wide range of computer processors (See US-CERT Alert TA 18-004A, Meltdown and Spectre Side-Channel Vulnerability Guidance,
7 0
0 1.1K
Article
· Jan 4, 2018 5m read
Caché audit & DeepSee

Apart from the database server itself, the standard bundle of the Caché DBMS includes DeepSee, a real-time business intelligence tool. DeepSee is the quickest and the simplest way of adding OLAP functionality to your Caché application.

Another standard component is an Audit subsystem with a web interface, which has the options for expanding with your own event types and an API for using in an application code.

Below is a small example of the joint use of these subsystems that answers the following questions: who did what and when in an information system?

1 2
1 673
Question
· Dec 26, 2017
API resources acces

Hi community ,

i worked this last time on the access token generate method , now it's ok, i want use the received access token to have access for asking the resources server.

i found the [%SYS.OAuth2.AccessToken] class which describes how add access token in the http request header , but i don't know how use it in my project.

Do me take only this class or the full package %SYS.OAuth2.

Thank you for helping .

0 1
0 480

I am trying to find documentation on how Cache Studio locks a Routine/Class a developer is editing.

On the flip side, I am looking for documentation on how Atelier does the same.

Ultimately I am looking for the differences and what happens if both Studio and Atelier through different developers go after the same Routine/Class.

I am not asking for an answer (however that would be nice), I am looking for pointers to documentation.

4 7
0 630

Hi all, This is a bit embarrassing, and not that critical. I have a local instance of Caché 2016 on my computer, for playing around with. I was attempting to set up two-factor authentication on this instance, and I thought I simply disabled all users except for my own user and enabled two-factor for this user. The next time I tried to login to the Management portal, I received a Server Availability Error:

http://localhost:57772/csp/sys/UtilHome.csp

0 9
0 2.4K