New post

#Security

6

Security in IT is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.

See the InterSystems Documentation on Security.

Hi Community,

Please welcome the new video on InterSystems Developers YouTube:

Advances in Security

https://www.youtube.com/embed/PR9OF4QleWg
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

0 0
1 254

I am trying to lock down security within our Development environment per requirements from a Security Audit that was done earlier this year. I need to try to limit access at a public level, access to cache users, and exposure.

I installed IRIS with the Lockdown method, and have configured my web applications, services, resources, etc.

When I go into my namespace, I am constantly presented with the following error when I try to start or stop an Object...

0 3
0 156

Hello everyone,

I am looking for the syntax or the way to use a class created in the "BNA" Namespace (my application) from the %SYS Namespace.

Here is the context:

I have a "BNA" application contained in the "BNA" NS, this application provides a user creation functionality. This feature creates both the user in a table in the application and in the Iris system.

0 9
0 256

I have multiple namespaces in a Cache environment say NS1 & NS2. I want to add some restriction so that a routine running in the NS1 should not access any resource(global/routine) belongs to namespace NS2.

The above restriction need for few of the clients only, so we do not want to write any custom logic in code.

We are looking for some solution provided by Cache where we can restrict the namespace access.

Can somebody please help me on this.

0 1
0 310

Hi community ,

i use postman for testing my request , i need to extract access token from it (i put it inside the "Get url" using post man before sending my request).

i use the GetAccessTokenFromRequest of (%SYS.OAuth2.AccessToken) class , but in my rest code party , when i send request from post man , i can't extract my access token, it's empty.

can please give me help?

thank you

0 1
0 305

I am currently using InterSystems for patients data management related to intake treatment planning and delivery of dose.

should I create a new attribute to track Patient ID or using an existing attribute within Audit log ? what are the good practices guidelines?

If I use Event Data field to record Patient_ID is it possible out of the box to search entries for a specific Patient_ID ?

0 3
0 377

I am attempting to pragmatically create a bunch of roles and then assign the appropriate resources to that role.

Currently, the only ways to add resources to a role are to:

1. Do through Management Portal

2. Go through ^SECURITY (add resource one at a time)

My Intention would be to do the following: do ^SECURITY Role Setup Edit Role When prompted for resources to add, be able to use *

0 2
0 228

Hi,

I've added a REST service which worked fine on our test system but failed on the production environment because UnknownUser does not have %All set and I really don't want it set on production (in fact I've also switched it off on test).

Is there a way to allow a single REST service to have unauthorised access?

I was thinking adding a resource/role to UnknownUser specifically for that service but I've never touched on Users/Roles/Resources so I'm struggling to work out what needs adding where.

Thanks

0 2
0 259

I recently started work on trying to Tighten Security in our Development Instance of IRIS that is running based on recommendations from our Audit as you might of seen from my other posts. I am currently trying to get into the Private Web Gateway Manager within IRIS as CSPSystem, but when I attempt to sign in nothing happens.

I went through and reset the password in the CSP.ini and within IRIS for CSPSystem. I made sure it had the new GatewayRole per suggested

0 2
0 238

Hi,

I am trying to connect to another server using %Net.HttpRequest.

I keep getting this error : SSL23_GET_SERVER_HELLO:unsupported protocol.

My guess is that the site I am reaching for uses TLS1.3 which is not supported in 2016, But I cant right now ask my client to upgrade.

Is it possible to override this ? install some kind of a patch or a more recent version of openssl on the server ?

Thanks

Amiram

0 2
0 125

Hi,

we´re looking for a way to determine, if the System Management Portal (SMP) is only accessible through ssl/tls -> https. One of our applications send daily reports via email and places some dynamically created links within it. The application runs on the instance being monitorred (Ensemble-Productions).

Since we migrate some of our customers systems to use https for the SMP connection, we need to generate those links with https:// instead of http://. Our application is characterized as kind of a lib so we use it for many of our clients systems.

0 4
0 645
Question
· Mar 13, 2020
List All Available Resources

Maybe I haven't seen anything about it in the documentation, but why isn't there a way to list all the Resources from the %SYS namespace from a class rather than through ^SECURITY

Thinking maybe something like this:
##Class(Security.Resources).ListAll(.result)

0 1
0 256

I am sure I came across this in the past with Cache and just saw this again in IRIS.

When rebuilding or swapping a DAT file for a database it retains the Resource of the DAT file, not the Resource of the Database it is being used for.

For instance, if I have a local Database called APP with a resource %DB_APP and I want to refresh the data from another Database called TEST that has a Resource %DB_TEST I can just copy the DAT file from the TEST folder to the APP folder.

0 5
0 182

We had a major problem recently where a participant was sending unexpected data. It was not enough to throw an error or warning in the actual trace, but when examining the message in the viewer it did show the following:

Build Map Status = 'ERROR <EnsEDI>ErrMapSegUnrecog: Unrecognized Segment 4:'CON' found after segment 3 (CON)'

How can I query for these or be notified of them? This caused major ramifications but we did not notice it. I have Managed Services investigating but I want to cover all my bases.

0 4
0 431

I have built an Ensemble SOAP service (EnsLib.SoapService.Service) as a business service which accepts soap requests from another application. To secure the traffic between the SOAP service and the application i'd like to enable SSL. I see that in the management portal I can upload the certificates, chains and keys and save them as an SSL / TLS configuration. However, it is not clear to me how I apply this SSL / TLS configurtion to the soap service I am running.

0 2
0 1.6K

I would like to allow some departmental user to view the ensemble portal. I want to make sure they are not allowed to do any changes (like stop and start interfaces from portal)

I have created one userbut limited with SQL privilages. But using this account, the portal view is not accessible.

It would be appreciated if anyone can adice me on this. I know this may be a silly question.

Regards,

Bava

0 1
0 230