Are there any guidelines for security checks to be followed for the Pega instance hosted in the AWS cloud instance?
Our client is moving the Pega setup to AWS cloud. The application hosted in the Pega cloud instance is going to be accessed over the web. Are there any guidelines available for the security checks to be followed to provide more security for the application?
I have some problems with the web mashup code exposing the URL of the system which we are accessing, and also when we view the source of the UI the entire URL is getting exposed. Is there any process for masking the URL?
<!DOCTYPE html> <html lang='en-AU' class="wk chrome yui-skin-sam"> <head>
<meta name="viewport" content="initial-scale=1, maximum-scale=1"> <title>Shift Management Front End portal</title>
There are multiple Queryconfig/DSS settings available to enable the security level on PRPC. Some of these DSS settings require hotfixes to enable them if you are using a low version (5x, 6x, 7.1x).
For the use case mentioned above, you can make use of the below queryconfig setting to encrypt the URL. Also, note that some of these settings will have an impact, like Designer Studio will not work, etc.
I strongly recommend that you get the list of security settings available in your on-premises environment and contact your Account Executive to check the feasibility of enabling the same on Pega Cloud.
If you are running with SSL, the data will be encrypted over the wire and it will not be a security concern.
If you can discuss with your security team and get the list of security measures they are going to implement in the environment, then I can at least cross-verify the known impact. Also, you can check the feasibility of enabling the security measures in the application server itself instead of PRPC.