Question

1
Replies
3158
Views
X
MandieGr Member since 2016 3 posts
PEGA
Posted: 3 years ago
Last activity: 3 years 6 months ago
Closed
Solved

Pega Web Mashup security concerns

I am posting on behalf of my client who has the following two issues/concerns:

 

  • #1: Pega Mash-up is rendered in the client / OLB through iFrame by design. We have been told by external application owners that Iframe is not a standard that and they are blocking today with security risks.

    • Are there alternate solutions for Pega Mash-up here? They do not want to go with Service based approach as we it has duplicate effort.

  • #2: iframe / HTML when rendered on the clients browser, it has the URL of the Pega application / Gateway. We got from the team that anyone can take out these URL's and access in another TAB or even creating their own application where they can break the security and can capture critical details. How does pega handles so we not impacted by clickjacking?

 

Security
Moderation Team has archived post
Share this page LinkedIn