How to Work Securely

The Process Designer supports HTTP and HTTPS transport protocols and two types of authentication: HTTP Basic Authentication and WS-Security UsernameToken authentication.

VPD listens on port 8383 for secure HTTP traffic.

Adding Authentication to a Service

You can add, edit, and view the authentication schemes associated with a service on the Properties tab under Authentication. On the Authentication panel you can add new authentication credentials or edit existing credentials for the selected service.

You can add one set of basic authentication or WS-Security credentials for each web service.

See Adding and Editing Authentication Credentials for instructions on how to add and edit credentials.

Using HTTPS

You can import services securely using the HTTPS protocol. After a secure connection is established, the WSDL is imported in the same manner as a WSDL using the HTTP protocol. The Process Designer does not differentiate between files imported over HTTP or HTTPS once they are imported.

If you are importing a Verastream Host Integrator 7.x Web service, all HTTPS communication is handled through port 9681 and non-secure communication is handled through port 9680.

If an untrusted or invalid server certificate is encountered, the Process Designer prompts you to confirm that you want to proceed with the untrusted connection. A certificate is considered invalid if it has expired, if its validation date has not yet occurred, or if there are other errors. A certificate is untrusted if it was not issued by a trusted central authority.

 

untrusted connection

Click Details to see information associated with the invalid or untrusted certificate.

To execute a service securely

After you deploy your service, a message displays with a URL address to the deployed service.

[Image: success message]

In this example, the URL (http://localhost:8282/vse/services/test_ui?wsdl) is using an unsecure transport and port. To use HTTPS, this URL should look like this: https://localhost:8383/vse/services/test_ui?wsdl. Here http has been changed to https and the port number from 8282 to the secure port 8383.

Securing Files

Thinking about preventing tampering, information leakage, and other security vulnerabilities is important. The Process Server stores information in files that you should take care to secure within your system environment.

These files are:

Process Server files and directories

The account running the Process Server will need read/write access to these files.

File or directory name: configure.endpoint
Location: C:\Program Files (x86)\Micro Focus\Verastream\ProcessServer\services\composite\processes
Description: This file may contain HTTP Basic Authentication credentials.

File or directory name: Java class files
Location: C:\Program Files (x86)\Micro Focus\Verastream\ProcessServer\services\composite\runtime\WEB-INF\classes\com\attachmate\security\auth\callback\axis2
Description: If present, these class files may be decompiled to reveal WS-Security UsernameToken credentials.
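
One way to check who can read the two Process Server locations listed above. This PowerShell script is an added example, not part of the product documentation. It assumes the default install path shown in the table, and the choice of which groups count as too broad is an assumption of the example. The account running the Process Server still needs its own read/write access.

```powershell
# Added example: list Allow ACEs for broad groups on the Process Server
# files named in the table above.
# Assumption: default install root from the table; change $Root otherwise.
$Root = 'C:\Program Files (x86)\Micro Focus\Verastream\ProcessServer\services\composite'

# Well-known SIDs, used instead of names so the check is locale-independent.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-BroadAccess {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $BroadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $BroadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

$targets  = @()
$procDir  = Join-Path $Root 'processes'
$classDir = Join-Path $Root 'runtime\WEB-INF\classes\com\attachmate\security\auth\callback\axis2'

if (Test-Path -LiteralPath $procDir) {
    # configure.endpoint may contain HTTP Basic Authentication credentials.
    $targets += @(Get-ChildItem -LiteralPath $procDir -Recurse -File -Filter 'configure.endpoint' |
        ForEach-Object { $_.FullName })
}
if (Test-Path -LiteralPath $classDir) {
    # Class files here may be decompiled to reveal UsernameToken credentials.
    $targets += $classDir
    $targets += @(Get-ChildItem -LiteralPath $classDir -Recurse -File -Filter '*.class' |
        ForEach-Object { $_.FullName })
}

$targets | ForEach-Object { Get-BroadAccess -Path $_ } | Format-Table -AutoSize -Wrap
```

An empty result means none of the three groups has an Allow entry on the files found. Rows marked Inherited come from a parent folder's ACL.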

Design Studio files and directories

While security vulnerabilities are unlikely, you may have some concerns regarding files that are accessible in the Design Studio. The developer using the Design Studio will need read/write access to these files:

File or directory name: .csbpel
Location: Within each project folder
Description: This file may contain encrypted credentials if an imported service requires HTTP Basic Authentication or WS-Security UsernameToken authentication.

File or directory name: .keyring
Location: <user_directory>\.attachmate\verastream\processdesigner\configuration\org.eclipse.core.runtime
Description: This is the Eclipse platform keyring. This file contains the credentials that are saved when you choose to have the Process Designer remember credentials on the Web server.

Related Topics

Adding and Editing Authentication Credentials
Importing Schema
Importing Web Services