General Security Awareness #4413338/HEAD / v340
1.1 General Security Awareness

Codebeamer is a tool, and every tool needs maintenance and administration on a regular basis. Security administration is also a key factor that must be taken care of and checked against malicious hacking attempts. Here we list some key factors for handling your databases and passwords securely.

1.1.1 Use HTTPS Instead of HTTP

By default, Codebeamer communicates with client browsers over the HTTP protocol, which is not a secure protocol. If you log into Codebeamer, your username and password are sent over this protocol as plain text. It is strongly recommended to use only a Strong SSL Trusted Certificate (see below) to avoid password theft. With the HTTPS protocol, all data, including usernames and passwords, is encrypted using a certificate from a trusted provider.

It is strongly recommended to disable all HTTP connectors so that only HTTPS-based connectors are available.

1.1.2 Trusted Certificate

There are several SSL certificate providers, but some of their certificates are not strong enough, and hackers may break their encryption. We strongly suggest selecting trusted and strong certificate providers to mitigate the impact of hacking attempts. (Some examples: GeoTrust, RapidSSL, Symantec, DigiCert, Comodo)

1.1.3 VPN

When working via the Internet, it is strongly recommended to use a VPN connection to make communication more secure.

1.1.4 Attachment and Document Storage

By default, all attachments and documents (under the Documents tab) are stored on the file system without any encryption. With Oracle, it can be configured in <document store-into-db="true" ...

This configuration is recommended only with Oracle! Additionally, a file system with encryption is also recommended.

1.1.5 REST API Uses Basic Authentication Protocol

Basic Authentication is the simplest way to provide your username and password to a given server. As described above, the passwords are posted to the server as plain text and can cause security problems if HTTPS is not used.

1.1.6 Secure Your Database Password
Starting from Codebeamer 9.2.0
Database passwords are stored as plain text by default in It is possible to set the storage type of the database connection password in the 'database' tag in the Possible values:
When Codebeamer starts, it checks the JDBC_Password attribute in general.xml. If the password is not encrypted and the storage type is encrypted or external, the password is encrypted automatically. If the storage type is external, the JDBC_Password attribute is removed from general.xml. For example:

    <database JDBC_Driver="oracle.jdbc.driver.OracleDriver"
              JDBC_ConnectionURL="jdbc:oracle:thin:@localhost:1521/orcl12"
              JDBC_Username="user"
              JDBC_Password_Storage="external" />

1.1.7 Secure Your Repository Passwords
Starting from Codebeamer 9.2.0
Repository passwords were stored as plain text in the database for repositories, but starting from Codebeamer 9.2.0 all SCM repository passwords are also encrypted automatically after the creation or modification of repository metadata.

1.1.7.1 Authentication Handling with Subversion, Git and Mercurial

Accessing Subversion Using Apache
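
A configuration check for the database password storage described in section 1.1.6, added here as an example and not part of Codebeamer: it flags `<database>` tags whose password is still plain text or whose external storage has not yet been applied. The function name, finding codes, sample password, and the treatment of a missing JDBC_Password_Storage attribute as the plain-text default are assumptions.

```python
import xml.etree.ElementTree as ET

# Storage type names as the page's prose gives them. Treating a missing
# JDBC_Password_Storage attribute as plain-text storage is an assumption
# based on the page's statement that plain text is the default.
PROTECTED_STORAGE = {"encrypted", "external"}

# Constructed sample: the page's <database> example with a constructed
# password and no storage type set.
SAMPLE_PLAIN = (
    '<database JDBC_Driver="oracle.jdbc.driver.OracleDriver" '
    'JDBC_ConnectionURL="jdbc:oracle:thin:@localhost:1521/orcl12" '
    'JDBC_Username="user" JDBC_Password="example-only" />'
)


def audit_database_tags(xml_text):
    """Return (code, message) findings for each <database> tag in xml_text."""
    findings = []
    root = ET.fromstring(xml_text)
    for db in root.iter("database"):  # iter() also yields the root element itself
        storage = db.get("JDBC_Password_Storage")
        has_password = "JDBC_Password" in db.attrib
        url = db.get("JDBC_ConnectionURL", "(no JDBC_ConnectionURL)")
        if storage not in PROTECTED_STORAGE:
            if has_password:
                findings.append(("PLAINTEXT", f"{url}: JDBC_Password is stored "
                                 f"as plain text (storage type: {storage})"))
        elif storage == "external" and has_password:
            # Per the page, Codebeamer removes the attribute at startup, so its
            # presence means the setting has not been applied yet.
            findings.append(("EXTERNAL_PENDING", f"{url}: JDBC_Password is still "
                             "in the file; it is removed when Codebeamer starts"))
        # storage == "encrypted": the page does not document the encrypted
        # format, so the value cannot be verified here and is not flagged.
    return findings


if __name__ == "__main__":
    # The password value itself is never printed, only the finding.
    for code, message in audit_database_tags(SAMPLE_PLAIN):
        print(f"[{code}] {message}")
```

The messages identify the connection URL only, so the output can be pasted into a ticket without leaking the password.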