Security in IT is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.
Caché 2015.2 announced support for TLS v1.1 and v1.2. In this version, the SSL/TLS configuration page provides checkboxes for TLS v1.1 and v1.2, which allows the versions to be configured individually. This allows sites to, for example, require TLS v1.2 only.
Additionally, some earlier versions of Caché provide undocumented support for TLS v1.1 and v1.2, specifically Caché 2014.1.3 and above and 2015.1, on Windows, Linux and Unix.
Is there a way for us to restrict user's ODBC permissions based on what program they're running on a client?
For example, we have some older Windows apps (.exe) that are a regular part of our software package which require the user to be able to select, insert, update, and delete. Some of our users are also using other third-party apps to connect (mostly reporting tools) but we only want them to be able to select unless we've approved the exe. Is there a way to do that?
These are not applications that were developed using CacheDirect.
https://www.youtube.com/embed/ZbzP7m0HDkU [This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]
You have read about OAuth2 / OpenID Connect but you don't know how to use it? Have you ever needed to implement Single Sign-On (SSO) or secure web services based on tokens? Did you have to add authentication / authorization to your web applications or services and you didn't know how to start?
https://www.youtube.com/embed/4Dk9MYrWaX8 [This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]
I am sure I came across this in the past with Cache and just saw this again in IRIS.
When rebuilding or swapping a DAT file for a database it retains the Resource of the DAT file, not the Resource of the Database it is being used for.
For instance, if I have a local Database called APP with a resource %DB_APP and I want to refresh the data from another Database called TEST that has a Resource %DB_TEST I can just copy the DAT file from the TEST folder to the APP folder.
https://www.youtube.com/embed/dCf8qOCx8Mo [This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]
Working on integrating with O365 Sharepoint REST API. I would want to know if anyone can share their experience with integration with Sharepoint REST API and how they implemented security?
I'm VERY novice on all things "OpenAM", and beyond knowing that Caché supports working with OpenAM, I have nothing else to go on.
The documentation doesn't seem to be very deep on the nature of how this works beyond a single paragraph saying it's supported for Single Sign On (SSO).
I was wondering if there was a certain procedure or documentation on securing (Https://) the Web Portal into IRIS/Ensemble?
Currently we are using LDAP Delegated Authentication to access the Web Portal using LDAP. However as more and more emphasis is put on securing applications within networks, I can see Management/Security asking us to make sure that the web portal is more secure.
https://www.youtube.com/embed/u5ccd1kifwQ [This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]
https://www.youtube.com/embed/Eb5kPw8-l08 [This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]
What about having your IRIS REST APIs scanned every push you did and being reported on possible vulnerabilities? This is what I am going to show you in this article.
In my previous post I described how to install the pre-release of the Server Manager 3 extension and benefit from enhanced security for your stored credentials.
Date & Time: Friday, December 10, 2021 – 11:00 EDT
What awaits you at this virtual meetup?
Our winners' bios.
Short demos on their applications.
An open discussion about technologies being used. Q&A. Plans for the next contests.
https://www.youtube.com/embed/NBZiPhZzThg [This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]
We want to hear from you! Give us your feedback on the past InterSystems Security programming contest! Please answer some questions to help us improve our contests.
I need to store an equivalent of the SNN (Social Security number). I need it to be encrypted and I'll have to be able to search for it once stored.
For what I've seen my options are:
- SHAHash from the %system.encryption library. Simple and easy to implement. My question is, might collisions be a problem? We are talking about a 10 millions entry.
- AES encryption. In this case I'd like to know if there is a standard way for key management in the InterSystems environment.
The InterSystems IRIS has a great audit system. It is responsible for auditing system events, but you can use it to audit your applications (great feature).
The audit system is based into event concept. The events can occur with IRIS or in an application. So, we have two type of events to the audit system:
1. System events: events occured into the InterSystems IRIS components (database, interoperability, analytics and core);
Created by Daniel Kutac, Sales Engineer, InterSystems
Warning: if you get confused by URLs used: the original series used screens from machine called dk-gs2016. The new screenshots are taken from a different machine. You can safely treat url WIN-U9J96QBJSAG as if it was dk-gs2016.
Part 2. Authorization server, OpenID Connect server
The InterSystems Server Manager extension for Visual Studio Code lets you define connections to your servers, list their namespaces and edit or view code there. You can also launch Portal for a server.
Server Manager 3.0 improves security by becoming a VS Code Authentication Provider. It is my entry for the November 2021 InterSystems Security Contest. Click here to visit the contest page where you may decide to vote for this entry. Please ignore the clickable "Contestant" label on this article header above, as it relates to a different contest for new DC articles. If you want to support me in that contest, simply "like" this post.
By update
Open Exchange app
.png)