Security in IT is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.
Is there any mechanism already implemented in IRIS to prevent XSS exploits ?
This case happen when user input html/javascript content into fields and submit the page. If saved content is rendered as is, it's going to be executed by anyone visiting the page.
I have an API set up in IRIS which is secured using an IRIS authentication service, so there is a bearer token being passed down in the request header.
We have a CSP pages script, which gets and sets a cookie for email tracking purposes, we had problems with cookies not being passed to this script when the URL was opened from an email client due to being cross-site, so I set Session Cookie Scope & User Cookie Scope to None instead of Strict.
This solved the issue with cookies not being passed, however the script entirely does not work anymore due to the error:
"Invalid CSP response cookie. SameSite cannot be set to None without Secure. : CSP Error"
I try to generate JWT tokens in Cache (not in IRIS).
In IRIS I managed to generate tokens using ##class(%OAuth2.JWKS).AddOct("HS256",secret,.jwks).
But In Cache there is no such routine.
Could you provide me a place to find an example how to use JWT, please ? I am interested to generate a token in Cache, send it to javascript client, and read a token provided by the client and check it is valid.
I'm trying to create a user with access to the HS namespaces management portal. I'm having trouble identifying the correct resource to assign to the user. I'm testing various resources, but every time I go to the HS management section, a blank page appears, and the Home button disappears.
In a customer project we started enforcing the "Inactivity Limit" as defined in System-Wide Security Parameters. The customer would expect accounts to become Disabled after they have been inactive for the specified amount of days. However, that doesn't happen; it seems the Inactivity Limit is only established after logging in.
Furthermore, the account inactivity only starts being applied after the first login. Can you confirm that?
Lastly, for accounts that have been manually Disabled, and have an expired password, we see the following weird behavior:
I want to try out iris-DataViz app to visualize my own data. I cloned the repo and docker-compose up -d in AWS. IRIS portal works, but on port 8051 I get nothing. I checked my AWS security groups. I reversed IRIS webserver port and 8051 and I can connect to Management portal using port 8051. I don't understand what is refusing connection on port 8051 running in iris-DataViz container.
Year
.png)