New post

#Security

6

Security in IT is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.

See the InterSystems Documentation on Security.

Article
· Nov 23, 2021 4m read
Mutual TLS setup

Hi,

I recently needed to setup an SSL/TLS configuration in IRIS that supported mutual authentication (where the server IRIS is establish a connection to is verified, and, where IRIS is in turn verified by the remote host). After a bit of research and getting it done, I thought it worthwhile to just go over the process I went through in order to potential help others, and save you some time .

4 1
2 1.1K
Article
· Dec 27, 2020 2m read
Secure IRIS Digital Services

The InterSystems IRIS has two major paths to a digital service: API/Web Service into Interoperability module and multimodel Database/Analytics. Each of them has your security configuration.

To do API security you apply an OAuth or JWT plug-in to the API endpoint. So in the Admin Portal, API producer and consumers get the keys to authenticate the API and consume it. The Admin Portal allows you configure RBAC policies too.

4 0
3 410

About regulations

Personal data privacy regulations have become an indispensable requirement for projects dealing with personal data. The compliance with these laws is based on 4 principles:

4 0
2 421

In this 3-part series of articles, is shown how you can use IAM to simply add security, according to OAuth 2.0 standards, to a previously unauthenticated service deployed in IRIS.

In the first part, was provided some OAuth 2.0 background together with some IRIS and IAM initial definitions and configurations in order to facilitate the understanding of the whole process of securing your services.

4 0
0 1.1K

InterSystems Data Platforms products allow you to export and import security settings in two different ways.

This article talks about those options:
- On the command line, using ^SECURITY
- Programmatically, using the Export and Import methods of classes in the Security package

Exporting settings on the command line (^SECURITY)

You can export everything or individual sections of the security settings.

4 4
0 2.4K
Article
· Jul 31, 2019 2m read
Anti CSRF Methods

IRIS provides us with anti login CSRF attack mitigation, however this is not the same as a CSRF attack, as login attacks only occur on the login form. There are currently no built-in tools to mitigate CSRF attacks on api calls and other forms, so this is a step in mitigating these attacks.

See the following link from OWASP for the definition of a CSRF attack:

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

Open Exchange app
4 5
1 745

I am trying to find documentation on how Cache Studio locks a Routine/Class a developer is editing.

On the flip side, I am looking for documentation on how Atelier does the same.

Ultimately I am looking for the differences and what happens if both Studio and Atelier through different developers go after the same Routine/Class.

I am not asking for an answer (however that would be nice), I am looking for pointers to documentation.

4 7
0 708

Have you ever thought about leveraging IIS (Internet Information Services for Windows) to improve performance and security for your Caché web applications?
Are you worried about the complexity of properly setting up IIS?

See the webinar Configuring a Web Server presented by @Kyle.Baxter, InterSystems Senior Support Specialist. Learn how to install IIS, set up it up to work with the CSP Gateway, and configure the CSP Gateway to talk to Caché.

4 0
0 652
Announcement
· Jan 23, 2024
[Video] OAuth 2.0 Fundamentals

Hi Developers,

Watch this video to learn the different roles in OAuth 2.0, scopes, tokens, important authentication flows/grant types, and more:

OAuth 2.0 Fundamentals @ Global Summit 2023

https://www.youtube.com/embed/5zLdCs5cCd0
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

3 4
0 399

The ideal number of table permissions to assign for your users is zero. Permissions should be granted upon sign-in based on the application used for access. For web applications, we have a simple way of doing this by appointing application roles, matching roles, and required resources in the System Management Portal.

ODBC and JDBC connections present a different problem, however, especially when third-party applications are involved. As providers of an ERP system, our customers often wish to be able to employ various software packages to integrate with or report on their data. Many of these programs are capable of running any kind of query. Yet, letting them do that can be devastating to a customer’s data.

3 0
3 307

Hi Community,

Join us for this introduction to the terminology and workflow of using OAuth 2.0 with an HL7 FHIR server:

Securing FHIR Applications with OAuth 2.0 (Part 1)

https://www.youtube.com/embed/dCf8qOCx8Mo
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

3 0
0 415

Hi Community,

New video is already on InterSystems Developers YouTube:

Updates on Security: OpenSSL and a New "Security" Database

https://www.youtube.com/embed/Eb5kPw8-l08
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

3 0
0 328

Hi Community,

We're pleased to invite you to the online meetup with the winners of the InterSystems Security contest!

Date & Time: Friday, December 10, 2021 – 11:00 EDT

What awaits you at this virtual meetup?

  • Our winners' bios.
  • Short demos on their applications.
  • An open discussion about technologies being used. Q&A. Plans for the next contests.

https://www.youtube.com/embed/NBZiPhZzThg
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

3 2
0 483

Hey Developers,

Check out the latest video on FHIR API Management:

FHIR API Management: Basic Configuration

https://www.youtube.com/embed/EYZ4dXNZNSY
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

FHIR API Management: FHIR Dev Portal

https://www.youtube.com/embed/9yEm7ZAZENI
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

FHIR API Management: Logging and Monitoring

https://www.youtube.com/embed/xcHjcBTLw8o
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

FHIR API Management: Security

https://www.youtube.com/embed/7ImJPCdp96A
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

3 0
0 480

Hi, Community!

Check the new video of the week on the InterSystems Developers YouTube Channel:

LDAP - Beyond the Simple Schema

https://www.youtube.com/embed/CCQjZgEvAbc
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

3 0
0 400