How long can a password be in IBM TRIRIGA?



There is no maximum password length imposed by the out-of-the-box TRIRIGA system. The encrypted password length is 500 characters. However, that encrypted length translates to about 125 characters.

[Admin: To see other related posts, use the Password tag.]


FieldFLEX: Is your enterprise ready for mobile?


How do you determine what is the best mobile solution for your enterprise that will enable users to get the data and functionality they need? What software will integrate smoothly, assimilate large amounts of data, comply with your security requirements, give the end users an engaged experience, and ultimately make your business more effective and efficient?

Here are the answers to the top questions asked at the FieldFLEX booth during the recent IBM InterConnect 2017 conference.

What is the security level with the FieldFLEX mobile app?

At the device level, all data is encrypted for transport to and from the server over SSL. Any data stored on the mobile device resides in an encrypted mobile database. The FieldFLEX server stores no data. User access is controlled by username and password authentication or through mobile device management platform…

What back-end systems does FieldFLEX integrate with?

Our mobile platform integrates with IBM TRIRIGA, Maximo, and a variety of other products. It is the single mobile solution for corporate real estate, condition assessment, facilities management, operations, lease and capital projects…

How are drawings published?

Mobile drawings can be published directly from your AutoCAD or Revit floor plans. Customers can choose published content which offers layering visibility control. FieldFLEX drawing publisher reduces the CAD file size by up to 90% to improve download speed and performance in the mobile apps…

[Admin: To see other related posts, use the FieldFLEX tag.]


Is there a way to enable TRIRIGA to use JSON not GWT-RPC calls?


I am working on creating scripts for the TRIRIGA application. I am using HPE LoadRunner for this purpose. As the TRIRIGA application uses GWT-RPC calls, we have some encrypted content being communicated between the TRIRIGA server and browser. We did use the web debuggers and tools, but this content is encrypted.

Do we have the option in TRIRIGA to enable it to use the JSON or any other readable format, rather than GWT-RPC, by default? It will enable us to capture the decrypted content and change the data for replay of our scripts as we need.

[Admin: This post is related to the 03.11.15 post about sharing a correlation file for LoadRunner.]


What is the support for SAML SSO with external assertions, SHA-2, and multiple principal names?


What is the IBM TRIRIGA support scope for SAML SSO with external assertions, SHA-2 encryption, and multiple principal names simultaneously? We need to implement SSO with SAML and want to know if there are any restrictions when running that with the IBM TRIRIGA product.

[Admin: This post is related to the 08.18.16 post about TRIRIGA support for SAML for non-browser clients, and the 06.03.16 post about implementing SAML SSO with WebSphere Liberty.]


Is there a way to encrypt the AutoCAD data in TRIRIGA?


Our customer wants to secure the confidential AutoCAD data in TRIRIGA. Do you know how the AutoCAD data is stored in TRIRIGA? In the database or in the file system? Are there any options to encrypt the AutoCAD data in TRIRIGA?

Generally, we store TRIRIGA data on the AutoCAD drawings, not the other way around. For example, we store a floor record ID on an attached drawing, and space record IDs on attached spaces, etc. We do not store any AutoCAD handles in TRIRIGA at all. The main exception is when publishing a drawing to TRIRIGA, in which case, we do store the DXF information in the TRIRIGA database. We also store a graphical representation of the published drawing as binary data in BLOB fields in the database. We do store some information in a few database tables for bookkeeping purposes…

In general, this data is not easily accessible in TRIRIGA itself, requiring back-end database access instead. So any AutoCAD data we use is stored in the TRIRIGA database. I’m not really familiar with the encryption options here; you might want to inquire in the TRIRIGA Application Platform forum…


How does TRIRIGA store and secure uploaded documents?


How are uploaded documents stored and secured in the TRIRIGA application? Knowing this will give insight on how documents are being stored in the database, especially if the files uploaded contain Sensitive Personal Information (SPI).

Uploaded documents are stored in TRIRIGA as binary large object (BLOB) data in the database and are therefore not readable. Your TRIRIGA security should be set up to restrict access to these files from the TRIRIGA application.

[Admin: This post is related to the 04.08.16 post about where your documents go in TRIRIGA.]


What are 20 questions regarding TRIRIGA security vulnerabilities?


IBM TRIRIGA platform development follows the strict rules set within the IBM Secure Engineering Framework (SEF). The full book on the SEF can be found at this link. Here are answers to 20 specific questions. If there are additional questions or concerns not outlined below, refer to the link above.

  1. Have denial of service (DOS) scenarios been considered or tested?
  2. Is sensitive personal information stored encrypted?
  3. Are only input files with valid multipurpose internet mail extensions (MIME) types accepted?
  4. Is input validation performed at the server to prevent URL redirection to an invalid site?
  5. Is input validation performed at the server on any numeric input by ensuring that it is within the expected range?
  6. When accessing a user-controlled array index, is input validation performed at the server to ensure that the ranges are within the target array?
  7. When buffer size calculations are dependent on user input, are buffer size ranges checked to be within expected values?
  8. When copying user input at the server, does the code manage buffer boundaries to avoid buffer overflows?
  9. Does the code manage input length at the server to avoid buffer overflows?
  10. Is input data sanitized and validated at the server to protect from OS commanding attacks?…
