SSL

Enabling SSL ensures that communication between the end user's browser and the server is encrypted. Please see Setting Up SSL on Tomcat to learn more.

What is SSL?

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser.

Without SSL

Without the use of SSL between the end client and the server, any data sent between these two parties is susceptible to sniffing by attackers as the packets travel from end to end.

Domain Whitelist for API Calls

Refer to API Domain Whitelist in Settings to whitelist domains that are consuming Joget's APIs.

Advantage

By enabling this option, only whitelisted servers are able to communicate with the server.

Directory User Access Control

Maintaining a good password policy ensures that users' passwords are kept safe. The Security Enhanced Directory Manager is recommended, as it provides enhanced security and control over user management.

Enabling Multi-Factor Authentication using TOTP adds a further layer of protection.

Advantage

Enabling this option increases the security of the user's login information.

Without SSL

Without the use of SSL between the end client and the server, login information is sent to the server as unencrypted clear text.

Process Start White List

Make use of this feature located under Map Participants to Users to limit on who can start a process instance.

Userview Menu Permission Control

Permission Control is used to exert control over and manage access to the various components of a developed Joget App. There are four main components/areas where permission control can be exerted. They are:

  • Userview

  • Userview Category

  • Form

  • Form Section

Showing the App in App Center only after user is logged on

The most common practice is to list down apps in the App Center only if the user is logged in. To do so, head to the Userview Properties of your app, and locate Permission Type and set it to Logged In User.

As a best practice, the userview should be secure by default. Set the permission of the userview as a whole to "Logged In User" before hardening each and every userview category further, including the hidden ones. An unprotected userview allows anonymous users and even robots (e.g. Googlebot caching the page) to access the userview once the app is published.

"Hide From Menu" under Userview Category does not mean the category is inaccessible; it is merely not visible to users in the menu.

Read more at Permission Control.

Password Encryption

During application design, sensitive information such as passwords may be encrypted for security purposes. You may change the key and salt used by a Joget Workflow server to further enhance its security.

Changing the key and salt renders all passwords already stored on an existing server unusable; therefore this is only recommended during the initial server installation.

Import/Export App

In an exported app, any password saved in the application design is encrypted as well. Hence, when the app is imported into another server, be sure to reconfigure all saved passwords, since a server with a different key and salt cannot decrypt them and they become unusable.

Locate the file customApplicationContext.xml in \apache-tomcat-8.5.14\webapps\jw\WEB-INF\classes and add lines 6-9 as shown below.

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">

    <bean id="dataEncryption" class="org.joget.apps.workflow.security.SecureDataEncryptionImpl">
        <property name="salt" value="NEW-VALUE-GOES-HERE"/>
        <property name="key" value="NEW-VALUE-GOES-HERE"/>
    </bean>

</beans>

Replace the salt and key values on lines 7 and 8 with your own.