New post

#Security

7

Security in IT is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.

See the InterSystems Documentation on Security.

Is it possible to authenticate an xDBC (ODBC/JDBC) connection to InterSystems IRIS via (a 3rd party) OAuth server?

For REST APIs this is possible, but could this be achieved with OAuth?

Out-of-the-box the ODBC/JDBC Drivers don't seem to have this option, but maybe some custom code could enable this? perhaps via Delegated Authentication and some OAuth classes customization, or some other way?

Has anyone done this already and can share how it was implemented, or someone with some guideline suggestions?

1 0
0 84
Article
· Jun 30, 2020 3m read
Replicating Audit Log Near Real Time
Many organisations implement centralised log management systems to separate and centralise the log data in order to e.g. automate threat detection (and response) and to comply with regulatory requirements. The primary systems of interest are the various user facing applications, but increasingly also other kinds of systems including integration platforms.
1 2
2 360

Hi,

Our application needs to create system users from a request form.

To use Security classes, it is necessary to have rights to use the %SYS namespace, which is not the case for users who validate requests.

It is not desirable for these users to have this role permanently, so I proceeded as follows:

I created a facade class for the Security.Users, Security.Roles, Security.Resources classes which allows me to log in with an authorized user on the NS %SYS

Here is an example method:

1 7
0 188
Question
· Jun 15, 2016
Oauth 1.0 library

I am in need of a routine or class method to generate an Oauth 1.0 signature. I was about to code this myself, but thought to check first to see if anyone has already done this and is willing to share.

Thanks in advance for any help.

[UPDATE 06/28/2016]

1 3
0 520

Hi Community,

Watch this video to learn about the new and future changes to the security framework in the HealthShare product suite. Topics include OAuth 2.0, SSO, and the Universal Login Page:

Updates in Security in the HealthShare Suite @ Global Summit 2022

https://www.youtube.com/embed/ypX0QnWisNk
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

1 0
0 169
Announcement
· Dec 20, 2022
[Video] Updates in Security

Hey Community,

Join this session to learn more about security-related topics, starting with the change to the OpenSSL libraries and the general distribution of third-party libraries with InterSystems products (e.g., Web Server):

Updates in Security @ Global Summit 2022

https://www.youtube.com/embed/BZ-RGZKhmf8
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

1 0
1 240
Question
· Nov 30, 2022
Delegated Users

In our current UCR arhcitecture, we use two installations. We have one machine with Access, Registry and Edges and one machine with the ODS. On the machine with the Registry, I can create a user/clinician. When I log into the management portal with this user, a so-called delegated user is created in the cached users table. So far everything is going well.

When I try the same on the machine with the ODS I get the message : 'ERROR #822: Access Denied' . so no delegated user is created.... Does anyone have any idea where I can find the solution?

1 1
0 275

I have recently come across a problem saving TrakCare reports as PDF files while using the MS Edge browser on a Windows 10 PC. Whenever a user selected the Save to PDF option the window Tab would crash and reset. The event was trapped and viewable in the Windows Events Viewer and showed a Fault in the AcroPDFImpl64.dll.

1 0
0 1.3K

Hurray for security!

If you're connecting to a local server and doing isolated development with a throwaway account, just store your password in plain text in the settings.json configuration file. But if you're working with a shared server using a "real" user account, it's a good idea to protect that information.

Open Exchange app
1 0
1 220

I was wondering if there was a certain procedure or documentation on securing (Https://) the Web Portal into IRIS/Ensemble?

Currently we are using LDAP Delegated Authentication to access the Web Portal using LDAP. However as more and more emphasis is put on securing applications within networks, I can see Management/Security asking us to make sure that the web portal is more secure.

1 6
1 835

Hi everybody,

Is there any functionality I could use that triggers real time user-defined code on certain audit events? Right now I am interested in triggering such code on a routine modification event, like the one below. I do know how to access this record programmatically, via %SYS.Audit.

Thanks in advance,
Anna

1 8
0 262

Hi,

Has anyone tried to call Security.Users class (in %SYS namespace) for creating or editing users from a shell script (or any programming language)?

If yes, can you please share your code?

We are trying to automate some stuff and would like to know how this worked for others.

Thanks,

Bharath Nunepalli.

1 7
0 323
Article
· Mar 2, 2020 2m read
SQL -99 error while viewing a listing

This error is sometimes seen while viewing a listing in InterSystems IRIS Business Intelligence:
ERROR #5540: SQLCODE: -99 Message: User <USERNAME> is not privileged for the operation (4)

As the error suggests, this is due to a permission error. To figure out which permissions are missing/needed, we can take a look at the SQL query that is generated. We will use a query from SAMPLES as an example.

1 0
0 799

OAuth server to be deployed on the IRIS learning cloud platform. Clients - one on the other instance of the learning IRIS server, the other client locally on my computer in the container docker.

Both clients get a seemingly correct link (through ##class(%SYS.OAuth2.Authorization).GetAuthorizationCodeEndpoint()) to the login request form:

1 3
1 763

Hello everyone smiley

I have a server configuration in a CSP Gateway installed on a PC (let's call it S2) different from the main one (let's call it S1). This configuration allows me to access a web application that is installed on S1, from a client C asking S2 for this webapp. But for now it works only in HTTP between C and S2, and we would like to use HTTPS (as it already works between S2 and S1).

1 8
0 1.7K