CSP Gateway Configuration Guide - InterSystems Documentation

intersystems.com


The second number is the internal Gateway build number. This number is incremented every time a modification is made to the Gateway modules and, because of this, it is the critical factor in determining whether or not a particular feature is included in a particular version.

2.2 CSP Gateway and Security

This section describes how the CSP Gateway relates to Caché security features. For more details on CSP authentication, see the chapter Authentication in the Caché Security Administration Guide.

Gateway connections to Caché can be protected according to the following levels of security:

1. Minimal connection security (as was the case with early versions of the Gateway and Caché).

2. Simple username- and password-based authentication.

3. Kerberos-based authentication and data protection.

4. SSL/TLS-based authentication and data protection.

Remember that security applied here is solely for the purpose of authenticating the Gateway host to the Caché server. It protects against the unauthorized creation of connections to the CSP engine (%cspServer). It does not, however, identify an individual user of a CSP application. A user of a CSP application can only be positively identified by whatever user login facility is provided by the application itself. For example, a Systems Manager logging on to the Management Portal can only be identified by the username and password supplied to the Management Portal login form.

The stateless nature of the Web should also be borne in mind. There is no fixed relationship between a Gateway connection to Caché and an individual user of a web application. Many users share the same connection.

Authenticating the CSP Gateway to Caché at connection time is important. An attacker who can impersonate a CSP Gateway can redirect traffic through a system under their control (by technical means and/or social engineering) and read and/or modify data at will. This is distinct from authenticating individual users to a CSP application. The CSP Gateway's Caché username and password, Windows network credentials, or UNIX® Kerberos key table should never be used by ordinary users.

2.2.1 Gateway Security Parameters

Maintain the following security parameters using the CSP Gateway Web Management application. Under the Configuration section, click Server Access and choose to edit, copy, or add a server. The Connection Security section has the following settings:

• Connection Security Level — Choice of:
    – Password
    – Kerberos
    – Kerberos with packet integrity
    – Kerberos with encryption
    – SSL
• User Name
• Password
• Product — Choice of:
