Security in IT is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.
I recently needed to setup an SSL/TLS configuration in IRIS that supported mutual authentication (where the server IRIS is establish a connection to is verified, and, where IRIS is in turn verified by the remote host). After a bit of research and getting it done, I thought it worthwhile to just go over the process I went through in order to potential help others, and save you some time .
We’ll discuss the aspects of Security Model implementation in InterSystems IRIS, the requirements, and what do we expect from participants of the Security contest. Also, we’ll answer all the questions related to the contest!
Date & Time: Monday, November 15 — 12:00 AM EDT
Speakers: 🗣 @Andreas Dieckow, Principal Product Manager at InterSystems Corporation 🗣 @Evgeny Shvarov, InterSystems Developer Ecosystem Manager
As we're starting to create more custom message classes to represent out JSON-based integrations, I was pondering how to implicitly grant SELECT privileges to a specific Security Role so they can utilize Message Viewer to search through the message history.
How do you determine what namespace to use for your custom SAML attributes? We want to receive patient context (first name, last name, dob, gender, etc.)
OASIS has resource-id but none of the other attributes. urn:oasis:names:tc:xacml:1.0:resource:resource-id
However, I cannot find the place this error points me to.
Specifically, it says 'Label %Construct + 3 lines, in the %DeepSee.ResultSet.1', but there does not seem to be such a place. I could only find the %DeepSee.ResultSet class and it does not have a lable named %Construct.
Hi Team, I have a requirement to disable the Production Start/Stop buttons for specific support users. But they should be able to stat/stop Ensemble Hosts. For that new Role, As per documentation along with other Ens resources, I have added %Ens_ConfigItemRun with RWU access and didnt add %Ens_ProductionRun resource.
This makes the Start/Stop buttons disappear from Production Configuration page ( meeting my requirement). But those users are Unable Start/Stop/Restart Ensemble Business Hosts.
I saw that IRIS has some built-in%SYSTEM.Encryption Encryption functions, but what should we do when we see encryption AES/ECB/PKCS5Padding ? I wonder if there is a good solution?
Did you know about OWASP and Top Ten Web Application security risks to your Web API or Web Apps?
OWASP is a community foundation created to help us to improve the security of web apps/web APIs. OWASP do the web apps more secure through its community-led open source software projects, hundreds of chapters worldwide, tens of thousands of members, and by hosting local and global conferences.
Can a license be reserved for a specific user or group of users? So if I have 20 available licenses, only allow other users to use 19 of them while keeping one open for this specific user?
I would like to report about a security issue, that engages us for some time meanwhile.
We configured a restricted user to read data from a csp page to feed our nagios server with information about configuration items we would like to have an eye upon. The configuration of this user is the same in our production and in our development environment. The called method mainly reads data from lookup tables by sql queries and writes data to a temporary table, which is deleted in the begining.
During some consulting activity, I found at the client's site CACHEAUDIT database of more than 100 GB size. The reason was simple: several processes produced a great amount of %System/%System/OSCommand audit records due to frequent external calls ($zf(-100,...)). As it is well-known, those events can be easily disabled systemwide, while this can be hardly considered secure enough. Reducing the number of days before audit cleanup from default 62 to some reasonable figure (e.g. 15) seems to be a better solution, but...
Is there any functionality I could use that triggers real time user-defined code on certain audit events? Right now I am interested in triggering such code on a routine modification event, like the one below. I do know how to access this record programmatically, via %SYS.Audit.
The InterSystems IRIS has two major paths to a digital service: API/Web Service into Interoperability module and multimodel Database/Analytics. Each of them has your security configuration.
To do API security you apply an OAuth or JWT plug-in to the API endpoint. So in the Admin Portal, API producer and consumers get the keys to authenticate the API and consume it. The Admin Portal allows you configure RBAC policies too.
In InterSystems IRIS, the default form of access to the management portal is HTTP, which means that if the client is in the office and the server is in the cloud, many clients probably desire to encrypt their traffic in some way.
Thus, we would like to show you some ways to encrypt your traffic to and from the IRIS management portal (or various REST services) running on AWS.
Let's discuss how InterSystems security for applications works. In general, the concept is clear: we have Resources (what to protect), Roles which combine a set of privileges and accesses to Resources and Users which can have this or that Role.
But there is also a concept of Application which also could have a Role.
So you either provide a Role for a User or for an Application.
What do you use in production? What is your strategy and why? Pros, cons?
By default InterSystems IRIS expose your endpoints using http, but can be necessary run https from your dev env and/or get public internet access to your app. You can buy or get a certificate and config a gateway, spending many hours or use a great public service called ngrok. Follow the steps:
1 - Run your app, I will use FHIR template as sample, see:
I was wondering if there was a certain procedure or documentation on securing (Https://) the Web Portal into IRIS/Ensemble?
Currently we are using LDAP Delegated Authentication to access the Web Portal using LDAP. However as more and more emphasis is put on securing applications within networks, I can see Management/Security asking us to make sure that the web portal is more secure.
By date
.png)
.png)
.png)