New post

#Security

6

Security in IT is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.

See the InterSystems Documentation on Security.

Presenter: Rich Taylor
Task: Use an LDAP schema that differs from the provided default
Approach: Give examples of customized LDAP schema development, using LDAP APIs and ZAUTHORIZE

In this session we explore the various options of for working with LDAP as an authentication and authorization framework. We will look beyond the simple LDAP schemas into working with more complex LDAP configurations that incorporate application level security information.

Content related to this session, including slides, video and additional learning content can be found here.

0 1
0 463
Article
· Feb 11, 2019 4m read
Using Oauth2 with SOAP (Web)Services

Hi guys,

Couple days ago, a customer approached me with the wish to enhance their existing legacy application, that uses SOAP (Web)Services so it shares the same authorization with their new application API based on REST. As their new application uses OAuth2, the challenge was clear; how to pass access token with SOAP request to the server.

After spending some time on Google, it turned out, that one of possible ways of doing so was adding an extra header element to the SOAP envelope and then making sure the WebService implementation does what is needed to validate the access token.

8 1
3 12K
Question
· Jan 16, 2020
debugging web client

I used the soap wizard to create a web client based on the wsdl. I was able to get a valid response back, and now it looks like the error is in decrypting the soap message response "inbound"

ERROR #6284: Security header error: SecurityTokenUnavailable.

0 1
0 566

Is there a way to add specific table permissions to a security role programmatically? I'm working on scripting some of the initial setup work when we sell certain add-ons to our software, and I see how I can assign resources to a role and give it a description, but I don't see how I tell it that this role gives the user, for example, SELECT privileges only on the invoices table, or SELECT, INSERT, UPDATE, and DELETE.

0 1
1 285

Cache / Ensemble version 2016.2.2.853.0

I have a need to restrict ODBC access to certain users to prevent unwanted access to our cache database.

We have a limited number of legacy applications that use ODBC to connect to read data and are currently not in a position to have these amended any time soon so in the interim, I am hoping someone will be able to provide me with some assistance.

Any suggestions on where to start?

0 1
0 467

Presenter: Andreas Dieckow
Task: Securely store sensitive information
Approach: Give examples of data-at-rest encryption and data element encryption

Description: In this session, InterSystems will showcase how to use API calls to programmatically do everything using your own scripts. This approach is highly effective if you have recipe based settings and configurations that you would like to roll out in a controlled and fast fashion.

Problem: Implement Security relevant information correctly and how. Examples are Credit Card information, Sensitive information (e.g. SSN, Classified Information)

Solution: Data-at-rest encryption and data element encryption

Content related to this session, including slides, video and additional learning content can be found here.

0 1
0 299

I want to try out iris-DataViz app to visualize my own data. I cloned the repo and docker-compose up -d in AWS. IRIS portal works, but on port 8051 I get nothing. I checked my AWS security groups. I reversed IRIS webserver port and 8051 and I can connect to Management portal using port 8051. I don't understand what is refusing connection on port 8051 running in iris-DataViz container.

0 1
0 87

Hi Community!

If you need to help maintain and monitor your system, you could give additional users access to the Management Portal.

Are you interested? So, check the new Developer Video of the week:

Webinar: Securing the Management Portal

https://www.youtube.com/embed/ib401fllsYg
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

2 0
0 275

Hey Community,

Learn about the changes we've made to InterSystems IRIS Containers, including security updates and the new web gateway container:

InterSystems IRIS Container Updates

https://www.youtube.com/embed/u5ccd1kifwQ
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

5 0
0 272

Is it possible to authenticate an xDBC (ODBC/JDBC) connection to InterSystems IRIS via (a 3rd party) OAuth server?

For REST APIs this is possible, but could this be achieved with OAuth?

Out-of-the-box the ODBC/JDBC Drivers don't seem to have this option, but maybe some custom code could enable this? perhaps via Delegated Authentication and some OAuth classes customization, or some other way?

Has anyone done this already and can share how it was implemented, or someone with some guideline suggestions?

1 0
0 169

Hi Community,

🔐 Make sure your data is secure! Learn some strategies for enhancing security in InterSystems IRIS® data platform:

Navigating SQL Privileges and Security in InterSystems IRIS

https://www.youtube.com/embed/_lBHnrm5Ot4?utm_source=youtube&utm_medium=social&utm_campaign=_lBHnrm5Ot4
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

4 0
0 102

Hi, Community!

🔒Are you linking your InterSystems Cloud Services deployments to a private network? See how to do this securely:

Creating and Managing VPNs with InterSystems Network Connect

https://www.youtube.com/embed/NvAbvzmetB8?utm_source=youtube&utm_medium=social&utm_campaign=NvAbvzmetB8
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

0 0
0 107

Presenter: Saurav Gupta
Task: Provide customized authentication support for biometrics, smart cards, etc.
Approach: Provide code samples and concept examples to illustrate various custom authentication mechanisms

Description: In this session we will discuss customized way to solve various authentication mechanism and show case some sample code.

Problem: Using custom Authentication mechanism to support devices like biometrics, smart cards, or create an authentication front end for existing applications.

Solution: Code samples and concept examples.

Content related to this session, including slides, video and additional learning content can be found here.

0 0
0 306
Article
· Mar 2, 2020 2m read
SQL -99 error while viewing a listing

This error is sometimes seen while viewing a listing in InterSystems IRIS Business Intelligence:
ERROR #5540: SQLCODE: -99 Message: User <USERNAME> is not privileged for the operation (4)

As the error suggests, this is due to a permission error. To figure out which permissions are missing/needed, we can take a look at the SQL query that is generated. We will use a query from SAMPLES as an example.

1 0
0 1.2K