Hi,
I want to write a class to write customized SSL/TLS certificate expiry alerts using ObjectScript.
Any sample code for reference available?
Thanks,
Security in IT is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.
Have you ever thought of creating your own systems for editing users or, perhaps, even an API that you can call? Today, you’re going to join me in the %SYS namespace and get to know Security.Users!
This class has forty properties, many of which you’ve seen before in the System Management Portal. There are class methods for manipulating most of those properties. Every method in this class is a class method, and in most of them, the username is passed as an argument. These methods can be used when you do not want to open and directly manipulate the user’s objects, which is a bad idea anyway!
Currently, the SQL privileges (SELECT, INSERT, UPDATE, DELETE) are managed at the table level, which can be very tedious when you have to administer many roles in an organization and need to keep them in sync with constantly evolving data models.
Managing privileges at the schema level will allow giving SELECT and other DML privileges on *all* or *several schemas* to a role|user, fixing the need to manually synchronize the new tables|views to the roles.
If you agree, I invite you to vote for this idea.
When installing IRIS, all the system AUDIT events are not enabled.
What is the fastest way to activate all events?
System > Security Management > System Audit Events
It sometimes happens that due to an adverse event the AUDIT database (IRISAUDIT) has grown to such proportions that the disk it resides on is full and the daily purge cannot be expected to reclaim disk space.
As IRISAUDIT is a system database required at startup, there is no question of attempting to restart IRIS after simply deleting IRIS.DAT from the <IRIS ROOT>/mgr/irisaudit/ database, nor of hot swapping, by system manipulations trying to dismount, replace, remount, since it is simply not possible to dismount it.
Hi,
I'm currently looking to deploy a production with readymade auditing functionality. I can currently call user-defined audit entries using $SYSTEM.Security.Audit(), but I'm finding that to display these posts properly I need to create User-Defined Audit Events on the management portal, otherwise they are displayed as "UserEventOverflow"/"AddedUnknownUserEvent".
I am in need of a routine or class method to generate an Oauth 1.0 signature. I was about to code this myself, but thought to check first to see if anyone has already done this and is willing to share.
Thanks in advance for any help.
[UPDATE 06/28/2016]
As there appears to not be a readily available solution I created a class to provide Oauth 1.0 authentication. This class is attached in a zip file. Methods are provided that generate a signature for a given URL request based on a consumer key and consumer secret.
There are several ways of classifying cryptographic algorithms: 1) Secret Key Cryptography (SKC) - Uses a single key for both encryption and decryption. It is also called symmetric encryption. Primarily, it was used for privacy and confidentiality; 2) Public Key Cryptography (PKC) - Uses one key for encryption and another one for decryption. It is also called asymmetric encryption. Initially, it was utilised for authentication, non-repudiation, and key exchange; 3) Hash Functions - Uses a mathematical transformation to irreversibly "encrypt" information, providing a digital fingerprint.
Hi community,
In this article, we will learn how to set up a REST API for the IRIS Security Package. We will be able to create users, roles, add applications, etc... by simple HTTP requests as well as generate a client application in ObjectScript.
We need :
We will use a set of existing applications and libraries on OpenExchange.
Hello,
We currently have the following scenario: We have a business SOAP Operation, where we get a SAML String and we convert it into a %SAML.Assertion object correctly.
👩💻👨💻 We would need to send the SAML Assertion inside the SOAP Header to the Target System.
First of all thanks for reading, and thanks for answering.
We currently have opened Log Soap and we do not observe it being added to the SOAP Header, as you would observe in the following Log Soap:
05/24/2023 08:53:37 *********************
Output from Web client with SOAP action = urn:ihe:iti:2007:CrossGatewayQuery
<?xml version="1.0" encoding="UTF-8"?>
Hi Community,
Watch this video to learn about the new and future changes to the security framework in the HealthShare product suite. Topics include OAuth 2.0, SSO, and the Universal Login Page:
⏯ Updates in Security in the HealthShare Suite @ Global Summit 2022
Good afternoon,
first thank you from heart and mind, mind and heart; for reading, thinking, reflecting, responding, and above all explaining a possible solution and/or documentation to address this doubt.
We would need a way to get inside a SOAP Web Service the SAML Assertion, and then send it directly to the endpoint through a SOAP Operation.
Currently we have researched and developed how to get the SAML Assertion with the following code:
Class Extends
/// This is the namespace used by the Service
Parameter
We are very eager to learn what kind of feedback you might have for InterSystems.
We hope you had a chance to download and install one of the kits that show how the new process works. If not, you still can do it, following the instructions on these posts:
Our target release is InterSystems IRIS 2023.2 (and InterSystems IRIS for Health 2023.2) and will be available in a few months.
Several steps should be done in order to secure the connection through xDBC clients to an IRIS Server instance using TLS. Most of the information can be obtained from the documentation about TLS on IRIS here, about configuring the security layer for encrypted connections. In the next paragraphs we will cover a step-by-step guide on how to configure and test the connection using SQL client apps using ODBC and JDBC.
Be in touch with InterSystems and receive alerts, advisories and product news quickly. The process is really simple:
As you can see, it takes less than a minute to keep informed about the news!
It is a recommended security practice to log in to sensitive Administrator Portals without any input passwords. Thus, it is necessary to identify and authenticate the users correctly. A common technique employed by web portals and mobile applications is to use Google social login. Today, Google Gmail has 2 billion users (source: https://www.usesignhouse.com/blog/gmail-stats). Therefore, it is a perfect shared login service to use for logging in InterSystems IRIS users when they need to manage their instances. This article will detail all the steps to embed Google Login into your InterSystems Management Portal.
1. Go to https://console.cloud.google.com and log in with your Google user account.
2. On the header click Select a project:
When you install an IRIS or Caché instance on Windows Server, you'll usually need to install it under a specific user account that has network access permissions. This is very handy when you need to access network resources for creating files or directly accessing printers.
TL;DR: see key takeaways at the bottom!
When you need to change the Windows user account the IRIS/Caché service is running as, you can configure (after installation):
<install-dir>\bin\IRISinstall.exe setserviceusername <instance-name> <username> <password>
According to the Cambridge dictionary, tokenize data is "to replace a private piece of data with a token (= a different piece of data that represents the first one), in order to prevent private information being seen by someone who is not allowed to do so" (https://dictionary.cambridge.org/pt/dicionario/ingles/tokenize). Today, several companies, especially in the financial and healthcare sectors, are tokenizing their data as an important strategy to meet cybersecurity and data privacy (GDPR, CCPA, HIPAA and LGPD) requirements. But, why not use encryption?
Hi folks!
When I launch IRIS as a docker container instance, e.g. like this one:
docker run --name iris-sql -d --publish 9091:1972 --publish 9092:52773 intersystemsdc/iris-community
And then try to connect to it e.g. via irissqlcli it says I need to change the password:
irissqlcli iris://_SYSTEM:SYS@localhost:9091/USER
Password change required
I know that I can open Management portal http://localhost:9092/csp/sys/UtilHome.csp and change password manually, but is there a programmatic way?
Say if I have a password in a file and I can just provide it to docker instance for the change?
I know it is possible get the user using ##class(Security.Users).Get("username"), but I need to get a user by your email. How Can I get a user by email?
Hi guys, I defined a subclass to %CSP.Login and assigned csp/sys login page to this subclass:

But did not work, I get this error:
And more, the default %CSP.Login continues to be called to log in when the user is not logged in yet.
So, what can I do to replace the default %CSP.Login with my subclass?
Hi folks!

Lately (maybe last 2-3 years) I develop with IRIS exclusively in docker - so iris instance I use for compiling and running IRIS apps is local.
And most every time I enter password for management portal and web-apps. The same password every time. Sounds familiar?
Is there an easy way to have a parameter in docker build for a "dev-mode" that will not ask me a password?
InterSystems IRIS versions 2022.2 and newer feature a redesigned functionality for JSON web tokens (JWTs). Once housed under the %OAuth2 class package, the JWT class, along with other JSON web classes (JWCs), now live under %Net.JSON. This migration occurred in order to modularize the JWCs. Before, they were closely intertwined with the implementation for the OAuth 2.0 framework. Now, they can be maintained and used separately from OAuth2.
Note: For backwards compatibility, the classes still exist under %OAuth2 package, but the codebase now uses %Net.JSON.
Hey Developers,
Enjoy watching the new video on InterSystems Developers YouTube:
⏯ InterSystems Security Development Lifecycle @ Global Summit 2022

Hi! Recently I had to apply api-key validation to a web app with a lot of endpoints and I'm going to tell you how I did it in a centralized way.
I'm going to explain to you how we can apply in a generic way (or not) api-key validation to all the endpoints of our web app.
For this feature I take as a template the class Base.cls of this repository iris-rest-api-template
I modified a bit this class to be able to check api-key security. The idea is that in your features you copy this class in your projects and you extend it for your own implementations.
I've been trying for a while now to get OS authentication working on IRIS running on Ubuntu 20.04 and subsequently 22.04. I have the following authentication methods enabled for %Service_Terminal:
And I have these options selected in Authentication/Web Session Options:
But when logging in via iris session <instancename> I am always prompted for a username and password. I am logged into the operating system with a username that matches my IRIS username, and the same configuration and login method works fine on Red Hat 8.5.
Recently I've been using Restforms2 to create a CRUD API for a project. But it lacks some advanced functionality that we need, so we have created a production with a REST WS which handles those advanced methods. That works great but there's a drawback: it does not have authentication.
I would want to use the same authentication method as Restforms2, which is a basic auth using IRIS users and passwords.
Searching for this, I have found a similar topic. It uses $SYSTEM.Security.Login(user, pass) in a similar manner to create a token.
Hi Community,
I am configuring new SSL Configuration for Gmail (For sending errors to gmail in ensemble production) by following the below steps.
Step1:
Step2: Giving the server address smtp.gmail.com
Step3: Giving the port number. I have tried giving 465, 587, 25 as port number; still it is not connecting.
Can anyone please tell me where I am doing wrong on configuration?
Thanks,
Saroja.A
At InterSystems, we believe in the responsible disclosure of recently discovered security vulnerabilities. We provide timely information to our customers, while keeping it out of the hands of people that may misuse it. We also understand each customer has different requirements related to the resolution of security issues.
Hey Community,
Join this session to learn more about security-related topics, starting with the change to the OpenSSL libraries and the general distribution of third-party libraries with InterSystems products (e.g., Web Server):