MashZone NextGen enables you to control user interactions including registering or creating dashboards and data feeds. You can also secure access for all users to work with these artifacts, based on policies that you define.
Change password: For security reasons, we strongly recommend that the MashZone NextGen administrator change the standard MashZone NextGen password after installation.
Change password of target data sources: For security reasons, we strongly recommend that you change the key used to encrypt and decrypt the passwords of target data sources (for example, source operators, URL aliases, JDBC configurations). The key is stored in the authTokenKey file located in <MashZone NextGen installation>/webapps/mashzone/WEB-INF/classes/. You can change the key by using the padmin generateKey -a AES -f authTokenKey command, which creates a new authTokenKey file. First, create a backup of the existing authTokenKey file, and then copy the new file to that folder. Change the file only while the repository is empty, because passwords that are already encrypted can no longer be decrypted after the key changes. The same applies to exported content: the system into which the content is imported must use the same key to be able to decrypt the passwords.
User Authentication: based on the protocols shown above. You can also allow anonymous access if needed. See Authentication and Guest Access for details.
Incorporate password policies and expiring passwords.
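The backup-and-replace step of the authTokenKey change described above can be scripted as follows. This is an added example, not part of the product or its documentation; the function name, its arguments, the backup file naming and the exit codes are assumptions, and the new key is expected to have been generated beforehand with the padmin command.

```shell
#!/bin/sh
# Added example: back up and replace authTokenKey (hypothetical helper).
# Precondition from the page: the repository is empty.
# Generate the new key first with the command from the page:
#   padmin generateKey -a AES -f authTokenKey
#
# rotate_auth_token_key CLASSES_DIR NEW_KEY_FILE
#   CLASSES_DIR  <MashZone NextGen installation>/webapps/mashzone/WEB-INF/classes
#   NEW_KEY_FILE path of the freshly generated authTokenKey (assumption)
# Prints the backup path on success; exit codes are this script's own.
rotate_auth_token_key() {
    classes_dir=$1
    new_key=$2
    current="$classes_dir/authTokenKey"

    [ -f "$current" ] || { echo "no existing key at $current" >&2; return 2; }
    [ -s "$new_key" ] || { echo "new key file missing or empty" >&2; return 3; }

    # An identical file means no new key was generated: change nothing.
    if cmp -s "$current" "$new_key"; then
        echo "new key is identical to the current key" >&2
        return 4
    fi

    # Step 1: back up the existing key, keeping its mode and timestamps.
    # Content exported under the old key can only be decrypted with it.
    backup="$current.bak.$(date +%Y%m%d%H%M%S)"
    [ ! -e "$backup" ] || { echo "backup $backup already exists" >&2; return 5; }
    cp -p "$current" "$backup" || return 5
    cmp -s "$current" "$backup" || { echo "backup verification failed" >&2; return 5; }

    # Step 2: stage the new key in a file that inherits the old key's
    # permissions, then rename it into place so a partially written key
    # is never visible to the application.
    tmp="$current.new.$$"
    if cp -p "$current" "$tmp" && cat "$new_key" > "$tmp" && mv -f "$tmp" "$current"; then
        echo "$backup"
    else
        rm -f "$tmp"
        echo "installing new key failed; old key is in $backup" >&2
        return 6
    fi
}
```

Store the backup file with the same care as the live key, since it still decrypts any content exported before the change.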
Consider the following security-relevant aspects:
Always keep your operating system, installed widgets, and applications updated. Run necessary security updates on a regular basis, in particular for your web browser and installed plug-ins.
Always keep your MashZone NextGen installation updated. Regularly check if new fixes are available for your installation and install them.
To prevent unauthorized access to your system, only a limited number of users should be granted direct system access (for example, remote RDP access or directly using a management console).
Limit network access by operating the server widgets behind a firewall. Only necessary services should be open in the firewall (for example, database services).
Hide network ports used solely for internal communication between server widgets.