Question by Alexander.Barabanov@bhge.com · Nov 27, 2018 at 07:11 AM · securityapphub

Predix Apphub security settings/feature

Hi everybody,

We have an application built using Predix Apphub. We are trying to adopt Predix Apphub features to meet customer security requirements but have not found documentation describing that info. My questions are:

1. How to make Predix AppHub session cookie SameSite to protest against CSRF attack?
2. Are there any docs describing Predix App Hub access control and managing microapp capabilities functionality? E.g., how to restrict access to the “AppHub Settings” page?
3. How can I view Predix App Hub logs?

Thank you

Alexander


1 Reply


Answer by Jonnie Spratley · Nov 27, 2018 at 09:49 AM

Hi Alexander,

I'm not sure what you mean about protest against CSRF. As for controlling access to micro-apps, you need to add the scope property to the micro-app. Then the current user must have that matching scope in order to view and use that application.

Comment by Alexander.Barabanov@bhge.com · Dec 10, 2018 at 07:14 AM

Hi Jonnie, Thanks for your answer. Regarding CSRF: we have a case where we upload a file using the Predix Apphub UI. We have found that for content-type "multipart" there is no out-of-the-box Apphub CSRF protection. So, we are trying to work around that issue. According to my conversation with an Apphub engineer: not all browsers support the SameSite feature; they haven’t added the feature yet because it might not allow access to those who are using older browsers.
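One way to cover the multipart upload case raised in this thread, as an added example that is not part of the original posts and is not Predix AppHub code: a server-side check that ignores the request Content-Type, requires a session-bound token in a custom header, and sets SameSite on the session cookie only as defense in depth for browsers that honor it. The function names, the `x-csrf-token` header, and the `apphub.example` origin are assumptions chosen for illustration.

```javascript
const crypto = require('crypto');

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);
const SECRET = crypto.randomBytes(32); // per-deployment key, constructed for this example

function mac(sessionId, nonce) {
  return crypto.createHmac('sha256', SECRET).update(`${sessionId}.${nonce}`).digest();
}

// Token = nonce + HMAC(session, nonce), so it is only valid for one session.
function issueCsrfToken(sessionId) {
  const nonce = crypto.randomBytes(16).toString('hex');
  return `${nonce}.${mac(sessionId, nonce).toString('hex')}`;
}

function tokenIsValid(sessionId, token) {
  const [nonce, given] = String(token || '').split('.');
  if (!nonce || !given) return false;
  const expected = mac(sessionId, nonce);
  const actual = Buffer.from(given, 'hex');
  return actual.length === expected.length && crypto.timingSafeEqual(actual, expected);
}

// SameSite helps where supported; older browsers ignore it and rely on the token check.
function sessionCookie(sessionId) {
  return `session=${sessionId}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// req: { method, sessionId, headers } with lower-case header names (hypothetical shape).
// The decision never looks at content-type, so multipart uploads are covered too.
function checkCsrf(req, allowedOrigin) {
  if (SAFE_METHODS.has(req.method.toUpperCase())) return { ok: true };
  const origin = req.headers['origin'];
  if (origin && origin !== allowedOrigin) return { ok: false, reason: 'origin mismatch' };
  if (!tokenIsValid(req.sessionId, req.headers['x-csrf-token'])) {
    return { ok: false, reason: 'missing or invalid token' };
  }
  return { ok: true };
}
```

A cross-site HTML form can submit `multipart/form-data`, but it cannot attach a custom header without a CORS preflight, which is why the token travels in a header rather than in the form body.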
