Question

1
Replies
3474
Views
Mandie Green (MandieGr)
PEGA
Senior Client Success Manager
Pegasystems Inc.
US
MandieGr Member since 2016 3 posts
PEGA
Posted: December 22, 2016
Last activity: December 30, 2016
Posted: 22 Dec 2016 12:55 EST
Last activity: 30 Dec 2016 5:09 EST
Closed
Solved

Pega Web Mashup security concerns

I am posting on behalf of my client who has the following two issues/concerns:

 

  • #1: Pega Mash-up is rendered in the client / OLB through iFrame by design. We have been told by external application owners that Iframe is not a standard that and they are blocking today with security risks.

    • Are there alternate solutions for Pega Mash-up here? They do not want to go with Service based approach as we it has duplicate effort.

  • #2: iframe / HTML when rendered on the clients browser, it has the URL of the Pega application / Gateway. We got from the team that anyone can take out these URL's and access in another TAB or even creating their own application where they can break the security and can capture critical details. How does pega handles so we not impacted by clickjacking?

 

Security
Moderation Team has archived post, This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.