Submitted by Dibyajit.Roy on Sat, 10/29/2016 - 08:10
I have enabled CSRF from false to true in the security config file.
The path is /bonita/client/platform/conf .
Once I set the value as true ( referred Bonita documentation), then in my portal i can see all the tasks. But when I click on a task and select do it, the page just reloads (task list page).
If I make it as false. then the tasks work fine . But setting it true does not open the tasks.
Submitted by Dibyajit.Roy on Mon, 10/17/2016 - 09:53
I need to implement some Security Features in my Portal . below are the list of issues that were identified .
Please point me to the correct documentation or Steps that I need in order to implement the security measures.
1) I observed that AutoComplete was enabled in potentially sensitive form fields. - Disable AutoComplete .
Submitted by abhinethra1 on Wed, 02/24/2016 - 22:39
I am trying to set the pool level auto-login feature for a bonita form . I have created the username and password for the anonymous user(at pool level) and created a URL in the format of : (Note:Project Initiation is the pool name and 1.4.0 is the bos version and process = process Id ).
BAR flies are compiled code of a process which allows them to be implemented in QA/Integration and Production setting and stops them being looked at by the unnecessary.
However I've just read in Build a process for deployment (point 4) that is is possible to simply reverse engineer a implemented BAR into a BOS and hence into studio (when using a SP version of Bonita).
I just started evaluating Bonitasoft. When I run the "Travel Request" example from BPM Studio I noticed that it opens the browser with the username and password in the URL. This looks like a big security hole. Is there an alternative configuration?