Security in IT is the protection of computer systems from the theft of and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.
Is it possible to authenticate an xDBC (ODBC/JDBC) connection to InterSystems IRIS via (a 3rd party) OAuth server?
For REST APIs this is possible, but could this be achieved with OAuth?
Out-of-the-box the ODBC/JDBC Drivers don't seem to have this option, but maybe some custom code could enable this? Perhaps via Delegated Authentication and some OAuth classes customization, or some other way?
Has anyone done this already and can share how it was implemented, or someone with some guideline suggestions?
Many organisations implement centralised log management systems to separate and centralise the log data in order to e.g. automate threat detection (and response) and to comply with regulatory requirements. The primary systems of interest are the various user facing applications, but increasingly also other kinds of systems including integration platforms.
Our application needs to create system users from a request form.
To use Security classes, it is necessary to have rights to use the %SYS namespace, which is not the case for users who validate requests.
It is not desirable for these users to have this role permanently, so I proceeded as follows:
I created a facade class for the Security.Users, Security.Roles, Security.Resources classes which allows me to log in with an authorized user on the NS %SYS
It sometimes happens that due to an adverse event the AUDIT database (IRISAUDIT) has grown to such proportions that the disk it resides on is full and the daily purge cannot be expected to reclaim disk space.
I am in need of a routine or class method to generate an OAuth 1.0 signature. I was about to code this myself, but thought to check first to see if anyone has already done this and is willing to share.
Watch this video to learn about the new and future changes to the security framework in the HealthShare product suite. Topics include OAuth 2.0, SSO, and the Universal Login Page:
https://www.youtube.com/embed/ypX0QnWisNk
I need a way to securely store credentials in IRIS that are used to access third-party APIs. These credentials include different clientId/secret pairs that I don't want to expose. While I know that it's possible to define Production Credentials in Ens.Config.Credentials, I understand that they are stored in plain text.
Join this session to learn more about security-related topics, starting with the change to the OpenSSL libraries and the general distribution of third-party libraries with InterSystems products (e.g., Web Server):
https://www.youtube.com/embed/BZ-RGZKhmf8
In our current UCR architecture, we use two installations. We have one machine with Access, Registry and Edges and one machine with the ODS. On the machine with the Registry, I can create a user/clinician. When I log into the management portal with this user, a so-called delegated user is created in the cached users table. So far everything is going well.
When I try the same on the machine with the ODS I get the message: 'ERROR #822: Access Denied', so no delegated user is created. Does anyone have any idea where I can find the solution?
I have recently come across a problem saving TrakCare reports as PDF files while using the MS Edge browser on a Windows 10 PC. Whenever a user selected the Save to PDF option the window Tab would crash and reset. The event was trapped and viewable in the Windows Events Viewer and showed a Fault in the AcroPDFImpl64.dll.
If you're connecting to a local server and doing isolated development with a throwaway account, just store your password in plain text in the settings.json configuration file. But if you're working with a shared server using a "real" user account, it's a good idea to protect that information.
I was wondering if there was a certain procedure or documentation on securing (Https://) the Web Portal into IRIS/Ensemble?
Currently we are using LDAP Delegated Authentication to access the Web Portal using LDAP. However as more and more emphasis is put on securing applications within networks, I can see Management/Security asking us to make sure that the web portal is more secure.
Is there any functionality I could use that triggers real time user-defined code on certain audit events? Right now I am interested in triggering such code on a routine modification event, like the one below. I do know how to access this record programmatically, via %SYS.Audit.
This error is sometimes seen while viewing a listing in InterSystems IRIS Business Intelligence: ERROR #5540: SQLCODE: -99 Message: User <USERNAME> is not privileged for the operation (4)
As the error suggests, this is due to a permission error. To figure out which permissions are missing/needed, we can take a look at the SQL query that is generated. We will use a query from SAMPLES as an example.
OAuth server to be deployed on the IRIS learning cloud platform. Clients - one on the other instance of the learning IRIS server, the other client locally on my computer in the container docker.
Both clients get a seemingly correct link (through ##class(%SYS.OAuth2.Authorization).GetAuthorizationCodeEndpoint()) to the login request form:
In System Management Portal, I'm on UnknownUser (which I've accidentally removed the %All role from), so I log out of UnknownUser and try to log in as root or Admin, but only see the following screen:
I have a server configuration in a CSP Gateway installed on a PC (let's call it S2) different from the main one (let's call it S1). This configuration allows me to access a web application that is installed on S1, from a client C asking S2 for this webapp. But for now it works only in HTTP between C and S2, and we would like to use HTTPS (as it already works between S2 and S1).
I have a few cubes and numerous dashboards and I am ready to deploy them to our end users and administrators. How to configure DeepSee so that users don’t disrupt each other’s areas and are restricted from using functionalities specific to developers?