Securing applications from malicious attack 

IBM Connections provides security measures, such as an active content filter and content upload limits, that you can use to mitigate the risk of malicious attacks. Because these security measures can also limit the flexibility of the applications, you, as the system administrator, must evaluate the security of your network and determine whether or not you need to implement them.

Any software that displays user authored content can be vulnerable to cross-site scripting (XSS) attacks. Attackers can introduce JavaScriptâ„¢ into their content that can, among other things, steal a user's session. Session stealing in a single sign-on (SSO) environment poses particular challenges because any vulnerability to XSS attacks can render the entire single sign-on domain vulnerable.

One of the ways that IBM Connections provides a defense against this type of attack is by implementing an active content filter. The active content filter removes potentially harmful text content, such as JavaScript, from user input added to a post or entry before saving the post or entry to an application; it does not filter file attachments. You can turn off the active content filter altogether if you determine that your network is safe from the threat of malicious attacks. You can also change the content that is filtered per application by editing the configuration properties.


Considerations

While securing IBM Connections against malicious attacks mitigates the vulnerability to XSS attacks, it also limits what trusted users can do. For example, it removes the ability to add dynamic JavaScript content to a blog. Some areas to consider when deciding which security measures to implement are:

Text-based fields

File uploads

Custom templates


Parent topic

Security


Related tasks


Protecting against malicious active content

Related reference
Communities configuration properties
Activities configuration properties


   

 

});

+

Search Tips   |   Advanced Search