Security Best Practices

SSL

Enabling SSL ensures that communication between the end user's browser and the server is secure. Please see Setting Up SSL on Tomcat to learn more.

Info: What is SSL?

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser.

Warning: Without SSL

Without the use of SSL between the end client and the server, any data sent between these two parties is susceptible to sniffing by hackers as the data packets travel from end to end.

Domain Whitelist for API Calls

Refer to API Domain Whitelist in Settings to whitelist domains that are consuming Joget's APIs.

Info: Advantage

By enabling this option, only whitelisted servers are able to communicate with the server.

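The value of a domain whitelist depends on how the check is written. The following is an added example, not Joget's own implementation of its API Domain Whitelist setting: it contrasts a naive substring match on the request's Origin header with an exact match on the parsed host. The allowed hosts and sample origins are constructed for the demo.

```python
# Added example (not Joget's code): allow-list check for the Origin header
# of an API call, showing why the host must be parsed and matched exactly.
from urllib.parse import urlsplit

# Constructed allow-list for the demo.
ALLOWED_HOSTS = {"portal.example.com", "intranet.example.com"}


def naive_allowed(origin: str, allowed=ALLOWED_HOSTS) -> bool:
    """Weak check: is any allowed host a substring of the Origin value?
    This passes anything that merely contains an allowed name."""
    return any(host in origin for host in allowed)


def strict_allowed(origin: str, allowed=ALLOWED_HOSTS, schemes=("https",)) -> bool:
    """Exact match on the parsed host name; require an allowed scheme;
    reject empty, opaque ("null") or unparsable origins."""
    if not origin:
        return False
    parts = urlsplit(origin)
    # .hostname is lower-cased and has userinfo and port stripped, so
    # "https://portal.example.com@evil.test" yields "evil.test".
    host = parts.hostname
    if parts.scheme not in schemes or not host:
        return False
    return host.rstrip(".") in allowed


# Constructed sample origins, including look-alike and tricky forms.
SAMPLE_ORIGINS = [
    "https://portal.example.com",
    "https://PORTAL.example.com:8443",
    "http://portal.example.com",
    "https://portal.example.com.evil.test",
    "https://portal.example.com@evil.test",
    "null",
]

if __name__ == "__main__":
    for origin in SAMPLE_ORIGINS:
        print(f"{origin:45} naive={naive_allowed(origin)!s:5} strict={strict_allowed(origin)}")
```

The two look-alike origins are accepted by the substring check and rejected by the exact-host check; the exact check also refuses plain http, since the whitelist is only meaningful in combination with SSL.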

Directory User Access Control

Maintaining a good password policy ensures that users' passwords are kept safe. The Security Enhanced Directory Manager is recommended; it features enhanced security and control over user management.

Enabling Multi-Factor Authentication using TOTP further strengthens login security.


Info: Advantage

Enabling this option increases the security of users' login information.

Warning: Without SSL

Without the use of SSL between the end client and the server, login information will be sent in non-encrypted, clear text to the end server.

Process Start White List

Make use of this feature located under Map Participants to Users to limit on who can start a process instance.

Userview Menu Permission Control

Permission Control is used to control and manage access to the various components of a developed Joget App. There are 4 main components/areas where permission control can be exerted. They are:

  • Userview
  • Userview Category
  • Form
  • Form Section

Info: Showing the App in App Center only after user is logged on

The most common practice is to list down apps in the App Center only if the user is logged in. To do so, head to the Userview Properties of your app, and locate Permission Type and set it to Logged In User.

Read more at Permission Control.

Password Encryption

During application design, any sensitive information such as passwords may be encrypted for security purposes. You may change the key and salt used by a Joget Workflow server to further enhance its security.

Warning

Changing the key and salt renders all passwords stored on an existing server unusable, so it is recommended only during initial server installation.

Info: Import/Export App

In an exported app, any password saved in the application design is encrypted as well. Hence, when the app is imported into another server, be sure to reconfigure all saved passwords, since a server with a different key and salt would render them unusable.

Locate the file customApplicationContext.xml in \apache-tomcat-8.5.14\webapps\jw\WEB-INF\classes and add the dataEncryption bean shown below (lines 6-9 of the file).

Code block: customApplicationContext.xml (XML)

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">

    <!-- Encryption settings for sensitive values saved in the application design -->
    <bean id="dataEncryption" class="org.joget.apps.workflow.security.SecureDataEncryptionImpl">
        <property name="salt" value="NEW-VALUE-GOES-HERE"/>
        <property name="key" value="NEW-VALUE-GOES-HERE"/>
    </bean>

</beans>

Replace the salt and key values (lines 7 and 8) with your own.
