Security

Need to implement some security measures in BonitaSoft Portal and subsequent apps

Hi

I need to implement some security features in my Portal. Below is the list of issues that were identified.
Please point me to the correct documentation or Steps that I need in order to implement the security measures.

1) I observed that AutoComplete was enabled in potentially sensitive form fields. - Disable AutoComplete.

Unable to set Autologin feature in 7.1.4

Hi,

I am trying to set the pool-level auto-login feature for a Bonita form. I have created the username and password for the anonymous user (at pool level) and created a URL in the format of: (Note: Project Initiation is the pool name and 1.4.0 is the BOS version and process = process Id).

luciano_102

This project aims to develop connectors that meet the requirements of information security, such as: integrity, confidentiality, non-repudiation and authenticity.

The repository already contains developed connectors for integrity, encryption, decryption, digital printing and digital signature with digital certificates PKCS#12.

The development of connectors that meet other Information Security Requirements is welcome.

Does Bonita have out-of-the-box features for data confidentiality processes?

I need to handle data that is restricted according to different actors.

Can I define in some way that data so it is handled differently whether it is one actor or another?

And also, how is data secured in terms of attackers trying to steal data with attacks like man-in-the-middle or any other types of attacks?

Can data be encrypted in the database used by Bonita or when transmitted to an external database?

Thanks.

Bonita 6.x - BAR Files - Export - Dissemble/Decryption and Protection of Copyright.

Hi there,

BAR files are compiled code of a process which allows them to be implemented in QA/Integration and Production settings and stops them being looked at by the unnecessary.

However, I've just read in Build a process for deployment (point 4) that it is possible to simply reverse engineer an implemented BAR into a BOS and hence into studio (when using a SP version of Bonita).

BPM Studio sends credentials in the clear?

I just started evaluating Bonitasoft. When I run the "Travel Request" example from BPM Studio I noticed that it opens the browser with the username and password in the URL. This looks like a big security hole. Is there an alternative configuration?

X-FRAME-OPTIONS

Colleagues,

I have the following problem: I am trying to load a Bonita form through an iframe inside an HTML page, but when I invoke it, it does not load. I have already reviewed my web.xml file according to the note:

http://community.bonitasoft.com/answers/embed-bonita-page-iframe-0

However, when commenting out the line

Web Service Connector Authentication and WSS

Hello,

I am new to Bonita (as of today :)).

Just tried a simple Web service and it works fine with unsecured web service and Basic Authentication, but our production web services require WS-Security with Username Token.

Thanks,

Boris
