Administering and Securing the Environment
The new WebFOCUS Client repository and authorization
security model uses an implementation of Role-Based Access Control
(RBAC) to enforce security across all resources in the repository.
The flexibility of the new model enables an administrator to implement
security at a granular level for every resource in the WebFOCUS
repository.
Resource Analyzer and Resource Governor help Information Systems
(IS) organizations analyze and control end user data access, as
well as provide site-specific control options.
WebFOCUS Client Repository and Authorization Security
- SAML for Single Sign On Support. WebFOCUS
offers single sign-on support for SAML 2.0 as a candidate-for-release
feature.
- Centralized Validation of Product Variables. WebFOCUS
provides enhanced protection against SQL injection and cross-site
scripting attacks by using a centralized filter to validate all
product variables by URI. When a request fails the validation test,
it is blocked and a generic error message is displayed
to the user. Blocked requests are logged for administrator review,
and violations are aggregated into a list that can be used to develop
new filters.
- Parameter Prompting Behavior. The
IBIMR_promptingUnset setting enables or disables parameter prompting
for Managed Reporting procedures (FEXes) when IBIMR_prompting is
set to XMLPROMPT or XMLRUN, and the Prompt for Parameters setting
is unchecked in the FEX Properties dialog box.
- Confirmation Message When Moving Folders. You
can set the IBI_Move_Confirmation_Message parameter to specify whether
WebFOCUS will request confirmation when a user moves a folder using
a drag-and-drop operation. The default value is False.
- IBI_XFrameOptions Setting. The
IBI_XFrameOptions setting in the Filters category of the Administration
Console prevents your content from being embedded in other sites,
as a security measure against clickjacking attacks.
- IBI_Message_Detail Setting. The
IBI_Message_Detail setting in the Security category of the Administration
Console determines when users receive detailed or simplified error
messages. The detailed message appears in the event.log for administrator
troubleshooting.
- Updating Application Settings on the Command Line. You
can update any WebFOCUS Application Setting with the updateWebconfig.bat
utility (for Windows) or the updateWebconfig.sh utility (for UNIX).
These command line utilities modify the ibi\WebFOCUS81\config\webconfig.xml
file and automatically encrypt any passwords you update.
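
The behavior described under Centralized Validation of Product Variables, sketched as an added example (this is not WebFOCUS code or its actual filter): one filter validates every variable against per-URI allowlist rules, returns only a generic error, logs each blocked request, and counts violations. The URIs, variable names, patterns, and the `CentralFilter` class are assumptions made for illustration.

```python
import re
from collections import Counter

# Hypothetical rule table: URI -> {variable: allowlist pattern}. All names are constructed.
RULES = {
    "/app/run": {"folder": re.compile(r"[A-Za-z0-9_/]{1,128}"),
                 "item": re.compile(r"[A-Za-z0-9_]{1,64}\.fex")},
    "/app/search": {"q": re.compile(r"[\w .-]{1,80}")},
}
GENERIC_ERROR = "The request could not be processed."

class CentralFilter:
    def __init__(self, rules):
        self.rules = rules
        self.blocked_log = []        # one entry per blocked request, for administrator review
        self.violations = Counter()  # (uri, variable) -> count, input for writing new rules

    def check(self, uri, params):
        """Return (allowed, message). The message never names the failing variable."""
        rule = self.rules.get(uri)
        if rule is None:
            bad = ["<unknown uri>"]  # default deny: no rule set, no processing
        else:
            # fullmatch() anchors both ends; undeclared variables are rejected too.
            bad = [name for name, value in params.items()
                   if name not in rule or not rule[name].fullmatch(value)]
        if not bad:
            return True, ""
        # Detail goes to the log only; repr() keeps control characters out of log lines.
        self.blocked_log.append({"uri": uri, "failed": {n: repr(params.get(n)) for n in bad}})
        self.violations.update((uri, name) for name in bad)
        return False, GENERIC_ERROR

    def top_violations(self, n=5):
        return self.violations.most_common(n)  # most frequently failing (uri, variable) pairs

# Constructed sample requests, not real traffic.
SAMPLE = [
    ("/app/run", {"folder": "sales/q1", "item": "report.fex"}),
    ("/app/run", {"folder": "sales/q1", "item": "report.fex' OR '1'='1"}),
    ("/app/search", {"q": "<script>alert(1)</script>"}),
    ("/app/run", {"folder": "sales/q1", "item": "a.fex", "debug": "1"}),
]

def run_sample():
    f = CentralFilter(RULES)
    return [f.check(uri, params) for uri, params in SAMPLE], f

if __name__ == "__main__":
    print(run_sample()[0])
```

Keeping the detail in `blocked_log` while the caller sees only `GENERIC_ERROR` mirrors the split the page describes between the user-facing message and the administrator's log.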