Appendix : Administration : MashZone NextGen Security
MashZone NextGen Security
 
Change technical user password
Authentication and Guest Access
Default User Accounts
Authentication with Single Sign-On Solutions
Authentication with Digital Certificates/SSL
Authorization Policies and Permissions
Built-In MashZone NextGen User Groups and Permissions
Automatically Grant Run Permissions to Users and Groups
Set View Permissions with a Search Filter
Enable or Disable Authorization
Protect RTBS webservice access
Anti-Clickjacking prevention when using iFrame
MashZone NextGen provides control of user interactions to register or create mashable information sources, mashups and apps and secure access for all users to work with these artifacts based on policies that you define.
*Change password: For reasons of security, we strongly recommend that the MashZone NextGen administrator should change the standard MashZone NextGen password after installation. See Change technical user password.
*Change password of target data sources: For reasons of security, we strongly recommend to change the key that is used to encrypt or decrypt passwords of target data sources (e.g., source operators, URL aliases, JDBC configurations). The key is included in the authTokenKey file located in <MashZone NextGen installation>/webapps/mashzone/WEB-INF/classes/. It can be changed by using the padmin generateKey -a AES -f authTokenKey command that creates a new authTokenKey file. First of all we recommend to create a backup of the existing authTokenKey file and then to copy the new file to that folder. The file should only be changed with an empty repository, as already encrypted passwords can not be decrypted any longer. The same applies to exported content. The system where the content should be imported, has to use the same key to be able to decrypt the passwords.
*User Authentication: based on the protocols shown above. You can also allow anonymous access if needed. See Authentication and Guest Access for details.
*Authorization Policies: to determine the actions that users can perform with mashables, mashups and apps. Policies also determine user access to the features and tools in MashZone NextGen Hub and the MashZone NextGen Enterprise AppDepot. See Authorization Policies and Permissions for details.
*Security Profiles: that define the requirements for secure communication with mashable information sources.
MashZone NextGen supports the well-known protocols shown above. MashZone NextGen developers can also create custom security profiles to support mashable information sources with unique requirements.
*Feature Security: to control any features in the MashZone NextGen platform that have security implications, such as scripting access in mashups, or that may conflict with the security requirements of your organization. See Disable Mashup Features and Configure the Default Operations Generated for Database Mashable for more information.
Please consider the following security-relevant aspects :
*Always keep your operating system, installed components and applications updated. Run necessary security updates on a regular basis, in particular for your Web-Browser and installed plug-ins.
*Always keep your MashZone NextGen installation updated. Regularly check if new fixes are available for your installation and install them.
*To prevent unauthorized access to your system, only a limited number of users should be granted direct system access (e.g., remote RDP access or directly via a management console).
*Limit network access by operating the server components behind a firewall. Only necessary services should be open in the firewall (e. g. database).
*Hide network ports used solely for internal communication between server components.
Copyright © 2013-2017 Software AG, Darmstadt, Germany.
Product LogoContact Support   |   Community   |   Feedback