CSP Gateway Configuration Guide - InterSystems Documentation

More documents

Recommendations

Info

CSP Gateway Operation and Configuration 1. From the Web Gateway Management Main Menu, select Application Access. 2. At the Application Access screen, select an application path. 3. Select Edit Application. 4. Click Submit. The configuration screen for the application path appears. 5. For the Application Status parameter, select Disabled. 6. Click Save Configuration. To re-enable access, repeat the procedure and select Enabled at Step 5. 2.1.9.4 Deleting an Application Path Configuration To delete a configured application path: 1. From the Web Gateway Management Main Menu, select Application Access. 2. At the Application Access screen, select an application path. 3. Select the Delete Application option. 4. Click Submit. 2.1.10 About CSP Gateway Page This is the default page displayed when you first enter the CSP Web Gateway Management page. It shows the Gateway build number, the version of the Caché distribution with which the Gateway was supplied, and basic information about the version of the hosting web server. Example: Version: 2007.1.0.179.0 Gateway Build: 701.896 Web Server Name: 127.0.0.1 Web Server Type: Microsoft (or ISAPI-compliant) Web Server: Microsoft-IIS/5.1 Cache-Server-Pages/2007.1.0.179.0-665.896 Active Interface: IIS ISAPI 2.1.10.1 CSP Gateway Build Numbers The Gateway build number is made up of two numeric components. The first number indicates the version of Caché with which the Gateway modules were supplied. For example: • 802 — Caché v2008.2.x • 901— Caché v2009.1.x • 902 — Caché v2009.2.x • 1001 — Caché v20010.1.x • 1002 — Caché v20010.2.x • 1101 — Caché v20011.1.x • 1102 — Caché v20011.2.x • 1201 — Caché v20012.1x • 1202 — Caché v20012.2x 32 CSP Gateway Configuration Guide
CSP Gateway and Security The second number is the internal Gateway build number. This number is incremented every time a modification is made to the Gateway modules and, because of this, it is the critical factor in determining whether or not a particular feature is included in a particular version. 2.2 CSP Gateway and Security This section describes how the CSP Gateway relates to Caché security features. For more details on CSP authentication, see the chapter Authentication in the Caché Security Administration Guide. Gateway connections to Caché can be protected according to the following levels of security: 1. Minimal connection security (as was the case with early versions of the Gateway and Caché). 2. Simple username- and password-based authentication. 3. Kerberos-based authentication and data protection. 4. SSL/TSL-based authentication and data protection. Remember that security applied here is solely for the purpose of authenticating the Gateway host to the Caché server. It protects against the unauthorized creation of connections to the CSP engine (%cspServer). It does not, however, identify an individual user of a CSP application. A user of a CSP application can only be positively identified by whatever user login facility is provided by the application itself. For example, a Systems Manager logging on to the Management Portal can only be identified by the username and password supplied to the Management Portal login form. The stateless nature of the Web should also be borne in mind. There is no fixed relationship between a Gateway connection to Caché and an individual user of a web application. Many users share the same connection. Authenticating the CSP Gateway to Caché at connection time is important. If an attacker can impersonate a CSP Gateway, it can redirect traffic through a system under his control (by technical means and/or social engineering) and read and/or modify data at will. This is distinct from authenticating individual users to a CSP application. The CSP Gateway's Caché username and password, Windows network credentials, or UNIX® Kerberos key table should never be used by ordinary users. 2.2.1 Gateway Security Parameters Maintain the following security parameters using the CSP Gateway Web Management application. Under the Configuration section, click Server Access and choose to edit, copy, or add a server. The Connection Security section has the following settings: • Connection Security Level — Choice of: – Password – Kerberos – Kerberos with packet integrity – Kerberos with encryption – SSL • User Name • Password • Product— Choice of: CSP Gateway Configuration Guide 33
Page 1 and 2: CSP Gateway Configuration Guide Ver
Page 3 and 4: Table of Contents About this Book .
Page 5 and 6: 5.4 Operating the Network Service D
Page 7: About this Book This book describes
Page 10 and 11: Introduction to the CSP Gateway The
Page 12 and 13: Introduction to the CSP Gateway To
Page 14 and 15: Introduction to the CSP Gateway 3.
Page 16 and 17: Introduction to the CSP Gateway 1.1
Page 18 and 19: CSP Gateway Operation and Configura
Page 64 and 65: Web Servers for Microsoft Windows 4
Page 68 and 69: Web Servers for Microsoft Windows R
Page 70 and 71: Web Servers for Microsoft Windows I
Page 76 and 77: Web Servers for Microsoft Windows
Page 78 and 79: Web Servers for Microsoft Windows B
Page 80 and 81: Web Servers for UNIX®, Linux, and
Page 89 and 90:
5 Web Servers for HP OpenVMS If you
Page 91 and 92:
Recommended Option: OpenVMS and Apa
Page 93 and 94:
Locked-down Apache Environments for
Page 95:
Operating the Network Service Daemo
Page 98 and 99:
Atypical Configurations for Microso
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Atypical Configurations for UNIX®,
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 149 and 150:
C Atypical Configurations for HP Op
Page 151 and 152:
D Apache Considerations UNIX®, Lin
Page 153 and 154:
Apache Process Management and Capac
Page 155 and 156:
State-Aware Sessions (Preserve mode
Page 157 and 158:
E Building Apache for IBM AIX Note:
Page 159 and 160:
Building Apache for IBM AIX # Rule
Page 161 and 162:
Building Apache for IBM AIX @echo "
Page 163 and 164:
Page 165 and 166:
Page 167:
Building Apache for IBM AIX Having
Page 171 and 172:
G IIS Technical Notes For those int
Page 173 and 174:
Bitness — 32-bit Apps on 64-bit S
show all

CSP Gateway Configuration Guide - InterSystems Documentation

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?