Security

Is it safe to use REST API Login with password in the URL

Hi guys,

The title is pretty clear: we have a doubt concerning security when we see that the Login REST API sends the user's password in the URL.

How can we check user permissions?

Hi guys,

I'm trying to understand how REST API's permissions work with Bonita 7.4, if someone can provide any info it would be nice :)

So here's what I understood :

Why do the tasks not load when CSRF is enabled in the configuration file?

Hi

I have enabled CSRF from false to true in the security config file.
The path is /bonita/client/platform/conf.

Once I set the value as true (referred to the Bonita documentation), then in my portal I can see all the tasks. But when I click on a task and select do it, the page just reloads (task list page).
If I make it as false, then the tasks work fine. But setting it true does not open the tasks.

Need to implement some security measures in BonitaSoft Portal and subsequent apps

Hi

I need to implement some security features in my portal. Below is the list of issues that were identified.
Please point me to the correct documentation or steps that I need in order to implement the security measures.

1) I observed that AutoComplete was enabled in potentially sensitive form fields. - Disable AutoComplete.

Unable to set Autologin feature in 7.1.4

Hi,

I am trying to set the pool level auto-login feature for a Bonita form. I have created the username and password for the anonymous user (at pool level) and created a URL in the format of: (Note: Project Initiation is the pool name and 1.4.0 is the bos version and process = process Id).

luciano_102

This project aims to develop connectors that meet the requirements of information security, such as: integrity, confidentiality, non-repudiation and authenticity.

The repository already contains developed connectors for integrity, encryption, decryption, digital printing and digital signature with digital certificates PKCS#12.

The development of connectors that meet other Information Security Requirements is welcome.

Releases for Information Security

Total downloads: 1 352
Version: PF2; BonitaBPM Version: 7.x, 6.5.x, 6.4.x; Post date: 2015-Jun-15; Downloads: 1352

Does bonita have out of the box features for data confidentiality processes

I need to handle data that is restricted according to different actors.

Can I define that data in some way so it is handled differently depending on whether it is one actor or another?

And also, how is data secured in terms of attackers trying to steal data with attacks like man in the middle or any other types of attacks?

Can data be encrypted in the database used by Bonita or when transmitted to an external database?

Thanks.

Bonita 6.x - BAR Files - Export - Dissemble/Decryption and Protection of Copyright.

Hi there,

BAR files are compiled code of a process which allows them to be implemented in QA/Integration and Production setting and stops them being looked at by the unnecessary.

However I've just read in Build a process for deployment (point 4) that it is possible to simply reverse engineer an implemented BAR into a BOS and hence into studio (when using a SP version of Bonita).

BPM Studio sends credentials in the clear?

I just started evaluating Bonitasoft. When I run the "Travel Request" example from BPM Studio I noticed that it opens the browser with the username and password in the URL. This looks like a big security hole. Is there an alternative configuration?

X-FRAME-OPTIONS

Colleagues,

I have the following problem: I am trying to load a Bonita form through an iframe inside an HTML page, but when I invoke it, it does not load. I have already reviewed my web.xml file according to the note:

http://community.bonitasoft.com/answers/embed-bonita-page-iframe-0

However, when commenting out the line
