#Security

Hi Community,

Please welcome the new video on InterSystems Developers YouTube:

⏯ Advances in Security

https://www.youtube.com/embed/PR9OF4QleWg
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

I used the soap wizard to create a web client based on the wsdl. I was able to get a valid response back, and now it looks like the error is in decrypting the soap message response "inbound"

ERROR #6284: Security header error: SecurityTokenUnavailable.

Hello,

I am working on Ensemble 2017.2.1 .
I need to export my security settings into an extern database, in order to make a report.

I've created a Business Operation with an SQL Adapter into a Namespace, but I don't know how to get every security data from "%SYS" Namespace ( SQLPrivileges , Resources , Roles , Services , Users ... ).

I dont't want to use the terminal and the ^SECURITY routine, because i don't want to store a XML file on the server.

InterSystems Data Platforms products allow you to export and import security settings in two different ways.

This article talks about those options:
- On the command line, using ^SECURITY
- Programmatically, using the Export and Import methods of classes in the Security package

Exporting settings on the command line (^SECURITY)

You can export everything or individual sections of the security settings.

OAuth server to be deployed on the IRIS learning cloud platform. Clients - one on the other instance of the learning IRIS server, the other client locally on my computer in the container docker.

Both clients get a seemingly correct link (through ##class(%SYS.OAuth2.Authorization).GetAuthorizationCodeEndpoint()) to the login request form:

The .NET Core Identity model has an IPasswordHasher<> interface for for

• Hashing a password so that it can be stored in a database
• Verifying a provided plain-text password matches a previously stored hash.

I am getting invalid password errors during the login process when the .NET Core Identity model computes a hash from a plain text input and compares it to a password hash value I've returned from Caché. The default hashing algorithm is PBKDF2 with HMAC-SHA256, 128-bit salt, 256-bit subkey, and 10,000 iterations (detailed article on .NET Core Identity PasswordHasher). The algorithm Caché uses is probably different which may be why I am getting errors.

IRIS provides us with anti login CSRF attack mitigation, however this is not the same as a CSRF attack, as login attacks only occur on the login form. There are currently no built-in tools to mitigate CSRF attacks on api calls and other forms, so this is a step in mitigating these attacks.

See the following link from OWASP for the definition of a CSRF attack:

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

Presenter: Dan Kutac
Task: Use a common login identity and a central mechanism of authentication across environments from multiple entities
Approach: Provide examples and code samples of an application environment using OpenID Connect and OAuth 2.0

Description: In this session we will demonstrate an application environment using OpenID Connect and OAuth 2.0. Hear how this is done and what options you have; and yes, you get to keep the code.

Problem: How to use a a common login identity (e.g. Facebook credentials) and a central mechanism of authorization cross environments from multiple entities.

Solution: Create awareness and interest in using OAuth 2.0

Content related to this session, including slides, video and additional learning content can be found here.

Hello experts,

I'm new to InterSystems software and still not so familiar with it. Therefore I do apologize in front if this question is irrelevant, not making sense or answer is commonly known.

I've did my best in search for answer, but unfortunately i haven't found anything helpfull. So I decided to ask for help here.

My problem is repetitive error which occure in CSP Gateway event log :

Error Condition: Failed to read posted content from the client (Content-Length: 1404; Data Actually Read: 0; Read Error: 70007)

In part 1 we started working on a security model for DeepSee and create a user type having privileges typical of end users. In this part we are going to create a second user type with ability to edit and create DeepSee pivot tables and dashboards.

I have a few cubes and numerous dashboards and I am ready to deploy them to our end users and administrators. How to configure DeepSee so that users don’t disrupt each other’s areas and are restricted from using functionalities specific to developers?

Hi All,

Can someone help me getting the security features & standards which InterSystmes Cache adheres to ISO 27001 & other security & privacy standards.

Also if you can tell me the algorithm used for database encryption & key strength by default.

This is required for a security audit.

Thanks in advance.
Ashish

Hi Community!

Please welcome a new video onInterSystems Developers YouTube Channel:

Building Powerful LDAP Configurations

https://www.youtube.com/embed/oRQ7NbK-Uk8
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

This article was written as an attempt to share the experience of installing the InterSystems Caché DBMS for production environment.
We all know that the development configuration of a DBMS is very different from real-life conditions.
As a rule, development is carried out in “hothouse conditions” with a bare minimum of security measures, but when we publish our project online, we must ensure its reliable and uninterrupted operation in a very aggressive environment.