New post

#Security

7

Security in IT is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.

See the InterSystems Documentation on Security.

Question
· Jan 16, 2020
debugging web client

I used the soap wizard to create a web client based on the wsdl. I was able to get a valid response back, and now it looks like the error is in decrypting the soap message response "inbound"

ERROR #6284: Security header error: SecurityTokenUnavailable.

0 1
0 478

Presenter: Dan Kutac
Task: Use a common login identity and a central mechanism of authentication across environments from multiple entities
Approach: Provide examples and code samples of an application environment using OpenID Connect and OAuth 2.0

Description: In this session we will demonstrate an application environment using OpenID Connect and OAuth 2.0. Hear how this is done and what options you have; and yes, you get to keep the code.

Problem: How to use a a common login identity (e.g. Facebook credentials) and a central mechanism of authorization cross environments from multiple entities.

Solution: Create awareness and interest in using OAuth 2.0

Content related to this session, including slides, video and additional learning content can be found here.

0 2
0 708

Hi!

I am not system admin. But it used to be very simple to install CSP Gateway on an apache system on Linux with Apache installed. I used to run the CSP Gateway installation program and after it was done, all I had to do was fine tune some configurations on CSP Gateway portal on http://<ip>/csp/bin/Systems/Module.cxw and I was up and running.

0 5
0 1.3K

Hi,

I am trying to create a user role which shall allow users the access to only one specific namespace in an Ensemble system. I´ve startet creating the namespace with a database (with own ressource and no public access). In the second step I´ve created a role by copying it from the predefined role %Developer and assigned the ressource of the created database. After that i´ve created a user and assign him to the created role.

0 2
0 499

Cache / Ensemble version 2016.2.2.853.0

I have a need to restrict ODBC access to certain users to prevent unwanted access to our cache database.

We have a limited number of legacy applications that use ODBC to connect to read data and are currently not in a position to have these amended any time soon so in the interim, I am hoping someone will be able to provide me with some assistance.

Any suggestions on where to start?

0 1
0 383

Is there a way to add specific table permissions to a security role programmatically? I'm working on scripting some of the initial setup work when we sell certain add-ons to our software, and I see how I can assign resources to a role and give it a description, but I don't see how I tell it that this role gives the user, for example, SELECT privileges only on the invoices table, or SELECT, INSERT, UPDATE, and DELETE.

0 1
1 200

Currently, the SQL privileges (SELECT, INSERT, UPDATE, DELETE) are managed at the tables level, which can be very tedious when you have to administer many roles in an organization, and need to keep them sync with a constantly evolving data models.
By managing privileges at the schemas level, will allow to give SELECT and other DML privileges to *all* or *several schemas* to a role|user, fixing the need to manually synchronize the new tables|views to the roles.

0 6
0 175

Presenter: Andreas Dieckow
Task: Securely store sensitive information
Approach: Give examples of data-at-rest encryption and data element encryption

Description: In this session, InterSystems will showcase how to use API calls to programmatically do everything using your own scripts. This approach is highly effective if you have recipe based settings and configurations that you would like to roll out in a controlled and fast fashion.

Problem: Implement Security relevant information correctly and how. Examples are Credit Card information, Sensitive information (e.g. SSN, Classified Information)

Solution: Data-at-rest encryption and data element encryption

Content related to this session, including slides, video and additional learning content can be found here.

0 1
0 271

I have a list of about 100 MPI IDs that I would like to run a report on. I want to list times that any data for these patients were accessed. Currently in "Managed Reports" we have a "Disclosure Report" which I think was a custom development effort, but it is per-patient.

I have a SQL query for the ATNA log but I'm not confident in its accuracy, so I thought I'd reach out and see how other Information Exchange's might get this data.

0 7
0 473

Hi,

I'm unable to locate a set of instructions that would allow me to encrypt the traffic to/from the Cache' Management Portal (that is - run it over HTTPS)

I am referring to the Management portal as hosted by the private Apache Web server instance installed with Cache. (I know how to do this for regular web sites hosted on, for example, IIS).

I would imagine the steps would involve, (a) enable SSL on that apache instance and (b) deploy certificates into the Apache web server.

Does anyone have a step-by-step guide on how this is accomplished ?

0 6
0 2K

Hello,

I am working on Ensemble 2017.2.1 .
I need to export my security settings into an extern database, in order to make a report.

I've created a Business Operation with an SQL Adapter into a Namespace, but I don't know how to get every security data from "%SYS" Namespace ( SQLPrivileges , Resources , Roles , Services , Users ... ).

I dont't want to use the terminal and the ^SECURITY routine, because i don't want to store a XML file on the server.

0 2
0 275

During some consulting activity, I found at the client's site CACHEAUDIT database of more than 100 GB size. The reason was simple: several processes produced a great amount of %System/%System/OSCommand audit records due to frequent external calls ($zf(-100,...)). As it is well-known, those events can be easily disabled systemwide, while this can be hardly considered secure enough. Reducing the number of days before audit cleanup from default 62 to some reasonable figure (e.g. 15) seems to be a better solution, but...

0 2
0 273

Hi Developers!

Here're the technology bonuses for the Security Contest 2021 that will give you extra points in the voting:

  • Basic Authentication usage - 2
  • Bearer/JWT Authentication usage - 3
  • OAuth 2.0 usage - 5
  • Authorization components usage - 2
  • Auditing usage - 2
  • Data Encryption usage - 2
  • Docker container usage - 2
  • ZPM Package deployment - 2
  • Online Demo - 2
  • Code Quality pass - 1
  • Article on Developer Community - 2
  • Video on YouTube - 3

See the details below.<--break->

0 1
0 289

Presenter: Andreas Dieckow
Task: Apply SQL security to multiple servers in a distributed system
Approach: Provide code samples for using new API calls to apply SQL security statements to multiple instances of our products

Description: The requirement that started at all. See examples on how to use this new feature and integrate it into your application by discuss code examples.

Problem: SQL Security is local to the instance and most of time driven by customer application code. That it is only local to the instance and is not automatically going to other instances requires a solution.

Solution: With application code use new API calls to issue SQL security statements that is applied to multiple instances.

Content related to this session, including slides, video and additional learning content can be found here.

0 1
0 221

Hello experts,

I'm new to InterSystems software and still not so familiar with it. Therefore I do apologize in front if this question is irrelevant, not making sense or answer is commonly known.

I've did my best in search for answer, but unfortunately i haven't found anything helpfull. So I decided to ask for help here.

My problem is repetitive error which occure in CSP Gateway event log :

Error Condition: Failed to read posted content from the client (Content-Length: 1404; Data Actually Read: 0; Read Error: 70007)

0 1
0 404
Question
· Nov 14, 2022
SSL Configuration for Gmail

Hi Community,

I am configuring new SSL Configuration for Gmail (For sending errors to gmail in ensemble production) by following the below steps.

Step1:

Step2:Giving the server address smtp.gmail.com

Step3:Giving the port number , I have tried giving 465,587,25 as port number still is not connecting

Can anyone please tell me where i am doing wrong on configuration?

Thanks,

Saroja.A

0 7
0 613