MashZone NextGen Security
MashZone NextGen provides control of user interactions to register or create mashable information sources, mashups and apps and secure access for all users to work with these artifacts based on policies that you define.
Change password: For reasons of security, we strongly recommend that the
MashZone NextGen administrator should change the standard
MashZone NextGen password after installation. See
Change technical user password.
Change password of target data sources: For reasons of security, we strongly recommend to change the key that is used to encrypt or decrypt passwords of target data sources (for example, source operators, URL aliases, JDBC configurations). The key is included in the
authTokenKey file located in
<MashZone NextGen installation>/webapps/mashzone/WEB-INF/classes/. It can be changed by using the
padmin generateKey -a AES -f authTokenKey command that creates a new
authTokenKey file. First of all we recommend to create a backup of the existing
authTokenKey file and then to copy the new file to that folder. The file should only be changed with an empty repository, as already encrypted passwords can not be decrypted any longer. The same applies to exported content. The system where the content should be imported, has to use the same key to be able to decrypt the passwords.
Authorization Policies: to determine the actions that users can perform with mashables, mashups and apps. Policies also determine user access to the features and tools in
MashZone NextGen Hub and the
MashZone NextGen Enterprise
AppDepot. See
Authorization Policies and Permissions for details.
Security Profiles: that define the requirements for secure communication with mashable information sources.
MashZone NextGen supports the well-known protocols shown above. MashZone NextGen developers can also create custom security profiles to support mashable information sources with unique requirements.
Please consider the following security-relevant aspects :
Always keep your operating system, installed components and applications updated. Run necessary security updates on a regular basis, in particular for your Web-Browser and installed plug-ins.
Always keep your
MashZone NextGen installation updated. Regularly check if new fixes are available for your installation and install them.
To prevent unauthorized access to your system, only a limited number of users should be granted direct system access (for example, remote RDP access or directly via a management console).
Limit network access by operating the server components behind a firewall. Only necessary services should be open in the firewall (for example, database).
Hide network ports used solely for internal communication between server components.